Hi Telerik team,
Is cryptographic vulnerability described at http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness?utm_medium=email
only applicable if we are using “Telerik.Web.UI.DialogHandler” control in our application ?
Thanks.
2 Answers, 1 is accepted
0
DotNet
Top achievements
Rank 1
Rank 1
answered on 30 Jun 2017, 05:35 AM
Hi, I was wondering the same thing. Also if the dialog handler isn't referenced in the web.config do you need to include the 'remove' in handlers?
0
Hello,
@shp: If you remove the Telerik.Web.UI.DialogHandler from the web.config file the cryptographic vulnerability won't be applicable. This is discussed in the following section of the KB article: http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness?utm_medium=email#prevent-access.
@DotNet: If the handler is not available in the web.config, it is not needed to add a remove attribute to the web.config file.
Best regards,
Rumen
Progress Telerik
@shp: If you remove the Telerik.Web.UI.DialogHandler from the web.config file the cryptographic vulnerability won't be applicable. This is discussed in the following section of the KB article: http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness?utm_medium=email#prevent-access.
@DotNet: If the handler is not available in the web.config, it is not needed to add a remove attribute to the web.config file.
Best regards,
Rumen
Progress Telerik
Try our brand new, jQuery-free Angular 2 components built from ground-up which
deliver the business app essential building blocks - a grid component,
data visualization (charts) and form elements.