I've been working on resolving a Telerik vulnerability in our site that is using version 2015.3.1111.45 of Telerik.Web.UI (see https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness). I've applied the patched dll to the site, so now when our tester tries the exploit, she gets an error page that says "Cannot deserialize dialog parameters. Please refresh the editor page.
Error Message:The hash is not valid!" Our security group is not happy with that error page and wants to see something more generic and less revealing to the would-be hacker. Our ASP.NET MVC application is configured in the web.config to have "customErrorsMode" set to "On" so that any unhandled errors will automatically redirect the user to a very generic and static html error page. Unfortunately even with this set in our production environment, we are still getting the "Cannot deserialize dialog parameters....." error... presumably being generated by Telerik somehow.
Can you provide a solution on how to customize this error message or get around it so that it will fall though to the .NET error handling of the web application itself?