Malicious actors exploiting exposed ASP.NET keys to deploy malware
Briefly

The Microsoft Threat Intelligence team has warned of code injection attacks that use exposed ASP.NET machine keys, potentially compromising target servers. Over 3,000 vulnerable keys have been identified that could be used in what are called 'ViewState code injection attacks'. The issue stems from insecure developer practices: developers fail to replace publicly available keys found in sample code, leaving misconfigurations that allow delivery of malicious payloads. Experts argue that the practice highlights a fundamental gap in developers' understanding of secure coding, particularly among those learning new technologies.
At its core, this is a misconfiguration of a system where that misconfiguration enables malicious activity. "Such a key might've originated from sample code or from demo code provided to a developer attempting to learn a new API or coding topic."
The problem is that someone using sample code might not understand all the rules, resulting in the sample code being copied directly into the application.
In the case of this report, the attack vector requires hardcoded keys, which then implies either that the application in question isn't fully configurable or that the configuration itself contains hardcoded elements.
Currently, research has identified more than 3,000 exposed keys that could be used for such attacks. These are referred to as ViewState code injection attacks.
Read at Securitymagazine
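The hardcoded-key misconfiguration described above can be checked for in a build or review step. The following is an added example, not code from the article or from Microsoft: it assumes the keys live in the `validationKey` and `decryptionKey` attributes of a `<machineKey>` element in `web.config`, and the denylist of digests, the function names and the sample key values are hypothetical and constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample values; not real keys and not taken from the article.
SAMPLE_VALIDATION = "A1B2C3D4" * 16
SAMPLE_DECRYPTION = "0F1E2D3C" * 8
HARDCODED_CONFIG = f"""<configuration>
  <system.web>
    <machineKey validationKey="{SAMPLE_VALIDATION}"
                decryptionKey="{SAMPLE_DECRYPTION}"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""
AUTOGEN_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>"""


def key_digest(value):
    """SHA-256 of the normalised key, so reports never echo the key itself."""
    return hashlib.sha256(value.strip().upper().encode("utf-8")).hexdigest()


def audit_machine_keys(config_xml, known_public=frozenset()):
    """Return (attribute, status, digest) for each literal machine key found."""
    findings = []
    for element in ET.fromstring(config_xml).iter():
        # Compare the local name so a namespaced <configuration> still matches.
        if element.tag.rsplit("}", 1)[-1] != "machineKey":
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = (element.get(attr) or "").strip()
            # A missing attribute or an AutoGenerate value means no literal key.
            if not value or value.lower().startswith("autogenerate"):
                continue
            digest = key_digest(value)
            status = "known-public" if digest in known_public else "hardcoded"
            findings.append((attr, status, digest))
    return findings


if __name__ == "__main__":
    denylist = {key_digest(SAMPLE_VALIDATION)}  # hypothetical denylist entry
    for finding in audit_machine_keys(HARDCODED_CONFIG, denylist):
        print(finding)
```

Any finding is a reason to generate fresh keys per application or environment; a `known-public` match means the key should be treated as already exposed.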