Hi there!
We’ve identified that the reporting component returns verbose error messages with a 200 HTTP status code, making our application vulnerable to XSS attacks.
Please could you contact us privately as soon as possible for more details.
Thanks in advance.
7 Answers, 1 is accepted
0
Robbie Hughes
answered on 17 Jan 2013, 04:10 PM
Hi there
Could someone from Telerik please answer this question?
Thanks
0
Hi guys,
The report viewer communicates only with its http handler which returns verbose error messages only when there is a problem while processing or rendering the reports. In this way the web application is protected as the attacker cannot gain access to sensitive data by sending requests to the report viewer's handler.
Kind regards,
Chavdar
the Telerik team
0
Bill
answered on 20 Mar 2013, 10:53 AM
Hi Chavdar
Thanks for your reply. I am sorry for my late response!
Unfortunately your answer doesn't address our concern. In order to be specific about why, we would rather email the details than post security flaws about our software on the web. To that end, please could you provide us with an email address that we can use to send the results from our penetration testing?
Many thanks
0
Hi Bill,
Our suggestion is to open a general feedback thread.
All the best,
Peter
the Telerik team
0
Ervinna
answered on 28 May 2013, 10:07 AM
Hi There,
I am using Telerik 2011_2_712 to develop a project.
But Telerik does not pass the penetration test.
I have a list of the issues found, which cause the penetration test to fail, in an Excel file.
How can I send you the file?
Is it being fixed?
Thanks.
0
Ervinna
answered on 29 May 2013, 03:11 PM
Hi all,
Is anyone facing the same problem, where Telerik did not pass the penetration test?
0
Bill
answered on 30 May 2013, 09:44 AM
Hi Ervinna
We had problems with this too, as you can see on earlier posts. Telerik advised us to report via an open feedback thread (link in Peter's post).
Cheers
Bill