http://www.thycotic.com/forums/messages.aspx?TopicID=299 Thycotic Community - Secret Server - Asp.Net Vulnerability - Secret Server Security Patch Required - Messages en-us http://blogs.law.harvard.edu/tech/rss Jitbit AspNetForum Thu, 23 Sep 2010 06:20:30 GMT Thu, 23 Sep 2010 06:20:30 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=299
At present, there is not, but we are working towards implementing something like that soon. There should be a forum post announcing this feature in the not-too-distant future.

Scott
Thycotic Software]]> Thu, 23 Sep 2010 06:20:30 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=299 Wed, 22 Sep 2010 10:56:53 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=299
If you update you will not need to apply the patch manually.]]> Mon, 20 Sep 2010 12:34:22 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=299
A vulnerability in Microsoft ASP.Net framework is a immediate security concern for Secret Server customers. The vulnerability allows hackers to access the file system as well as potentially retrieve encrypted ViewState data.

For more details on this vulnerability see the following Microsoft Security Advisory: <a href="http://www.microsoft.com/technet/security/advisory/2416728.mspx">http://www.microsoft.com/technet/security/advisory/2416728.mspx</a>

Secret Server Patch

A Secret Server patch is available with more information in this Knowledge Base article:
<a href="http://support.thycotic.com/KB/a106/aspnet-vulnerability-security-patch-9202010.aspx?KBSearchID=6051">http://support.thycotic.com/KB/a106/aspnet-vulnerability-security-patch-9202010.aspx?KBSearchID=6051</a>

Note: Secret Server Online has already been patched.
]]> Mon, 20 Sep 2010 09:15:35 GMT