Potential Bug in Telerik Website

2 posts, 0 answers
  1. Deepak Vasudevan
    Deepak Vasudevan avatar
    82 posts
    Member since:
    May 2010

    Posted 25 Sep 2012 Link to this post

    When you install Telerik tools you are actually sending login credentials to server to activate right? I see them being passed in http without any encryption albeit as an XML string. See the capture below. Confidential info changed.

    Can you fix this please?

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Body>
    <AuthenticateResponse xmlns="http://tempuri.org/">
    <AuthenticateResult xmlns:a="http://schemas.datacontract.org/2004/07/Telerik.WebSite.DataContracts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
    <a:HashedKey>Why You Need This?</a:HashedKey>
    <a:IsRemembered>true</a:IsRemembered>
    <a:Name>Why You Need This?</a:Name>
    <a:Password>Why You Need This?</a:Password>
    </AuthenticateResult>
    </AuthenticateResponse>
    </s:Body>
    </s:Envelope>
  2.
  3. Dimo Mitev
    Admin
    Dimo Mitev avatar
    20 posts

    Posted 28 Sep 2012 Link to this post

    Hello,

     Thank you for your post.

     Could it be that your Fiddler is configured to decrypt HTTPS transfers?

     I just double-checked that the services the web installer refers to are HTTPS only, hence my question.

    All the best,
    Dimo
    the Telerik team

    Consider using RadControls for ASP.NET AJAX (built on top of the ASP.NET AJAX framework) as a replacement for the Telerik ASP.NET Classic controls, See the product support lifecycle here.

Back to Top