This is a migrated thread and some comments may be shown as answers.

How to validate Sitefinity cryptographic weakness fix?

Suresh asked on 20 Jul 2017, 07:37 AM

 

We are trying to contact Sitefinity to check the status of the latest security vulnerability in Sitefinity due to a cryptographic weakness [CVE-2017-9248]. As our version is older, we have to verify that the steps we have taken are valid and whether they are enough for the security issue.

Our Sitefinity version is 3.7.2136

What we did is prevent access to the Dialog Handler, as suggested in http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness#prevent-access, by removing the handler in the web.config file, and we also changed the machine keys.

Can you please let us know if that will be enough for now? Is there a way to measure this and make sure that security is improved?

Boyan Barnev
Telerik team
answered on 21 Jul 2017, 08:32 AM
Hello Suresh,

Yes, I can confirm that for version 3.7 the steps you have taken are the correct ones to address the CVE-2017-9248 cryptographic weakness. The KB article you have referenced also contains information on how to verify whether the dialog handler has been properly disabled, so you can follow this set of instructions to confirm the successful operation.

At this point this is all the official information we have disclosed and can discuss in public. If you prefer to continue the discussion, or have further follow-up questions, which might necessitate private communication, we would be glad to assist you via our phone or support ticket channels, which you can find listed on the Sitefinity Support center page.

Regards,
Boyan Barnev
Progress Telerik
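
An offline check of the two steps discussed in this thread (dialog handler removed from web.config, explicit machine keys present), as an added example that is not part of the original posts or Telerik's own tooling. It assumes the handler is registered under the `Telerik.Web.UI.DialogHandler` name; the sample configs and the `audit_web_config` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config fragments, not taken from a real site.
BEFORE = """<configuration>
  <system.web>
    <httpHandlers>
      <add path="Telerik.Web.UI.DialogHandler.aspx" verb="*"
           type="Telerik.Web.UI.DialogHandler" validate="false" />
    </httpHandlers>
  </system.web>
  <location path="admin">
    <system.webServer>
      <handlers>
        <add name="DialogHandler" path="Telerik.Web.UI.DialogHandler.aspx"
             verb="*" type="Telerik.Web.UI.DialogHandler" />
      </handlers>
    </system.webServer>
  </location>
</configuration>"""
AFTER = """<configuration>
  <system.web>
    <machineKey validationKey="PLACEHOLDER-A" decryptionKey="PLACEHOLDER-B" />
    <httpHandlers />
  </system.web>
</configuration>"""

def local(el):
    """Tag name without an XML namespace (some old web.config files declare one)."""
    return el.tag.rsplit("}", 1)[-1]

def audit_web_config(xml_text, needle="dialoghandler"):
    """Return findings; an empty list means both steps are visible in this file."""
    elements = list(ET.fromstring(xml_text).iter())
    findings = []
    # Classic mode uses <httpHandlers>, integrated mode <handlers>; both can
    # also sit under <location>, so walk the whole tree.
    for parent in (e for e in elements if local(e) in ("httpHandlers", "handlers")):
        for add in (c for c in parent if local(c) == "add"):
            if needle in (add.get("path", "") + add.get("type", "")).lower():
                findings.append(f"{local(parent)}: {add.get('path')} still registered")
    keys = [e for e in elements if local(e) == "machineKey"]
    if not keys:
        findings.append("machineKey: not set in this file (check parent configs)")
    for mk in keys:
        for attr in ("validationKey", "decryptionKey"):
            if "autogenerate" in mk.get(attr, "AutoGenerate").lower():
                findings.append(f"machineKey: {attr} is auto-generated")
    return findings
```

An empty result only describes the file's current state: it cannot show whether the key values differ from the previous ones, and it does not replace the verification steps in the KB article.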