Late last week I spotted the first handful of posts about the ASP.NET security vulnerability. I’m no security expert and without tons of research it’s often hard to properly assess the level of danger posed by these vulnerabilities.
However, this news quickly gained momentum and Microsoft posted a Security Advisory. Later, Scott Guthrie weighed in on the topic. As more information became available, it appeared this was the real deal and it looked downright scary.
[As with most YouTube videos, I recommend turning down the volume for this video.]
A lot of the blog posts and videos seem to demonstrate this vulnerability against DotNetNuke. However, in reality, many (if not most) ASP.NET-based CMSs are vulnerable at some level. Internally, at Telerik, we had a flurry of conversations on this topic over the weekend. We are still fully assessing the level of risk, but it seems there is some risk to Sitefinity CMS.
Consequently, we recommend that Sitefinity customers implement the solution recommended in Scott Guthrie’s blog post. I also published a full blog post on this subject to Sitefinity.com.