This is a migrated thread and some comments may be shown as answers.

New Cryptographic Vulnerability

2 Answers 128 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
shp
Top achievements
Rank 1
shp asked on 29 Jun 2017, 10:05 PM

Hi Telerik team,

Is cryptographic vulnerability described at http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness?utm_medium=email

only applicable if we are using “Telerik.Web.UI.DialogHandler” control in our application ?  

Thanks.

2 Answers, 1 is accepted

Sort by
0
DotNet
Top achievements
Rank 1
answered on 30 Jun 2017, 05:35 AM
Hi, I was wondering the same thing. Also if the dialog handler isn't referenced in the web.config do you need to include the 'remove' in handlers?
0
Rumen
Telerik team
answered on 30 Jun 2017, 11:52 AM
Hello,

@shp: If you remove the Telerik.Web.UI.DialogHandler from the web.config file the cryptographic vulnerability won't be applicable. This is discussed in the following section of the KB article: http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness?utm_medium=email#prevent-access.

@DotNet: If the handler is not available in the web.config, it is not needed to add a remove attribute to the web.config file.

Best regards,
Rumen
Progress Telerik
Try our brand new, jQuery-free Angular 2 components built from ground-up which deliver the business app essential building blocks - a grid component, data visualization (charts) and form elements.
Tags
General Discussions
Asked by
shp
Top achievements
Rank 1
Answers by
DotNet
Top achievements
Rank 1
Rumen
Telerik team
Share this question
or