ASP.NET vulnerability affect websites including Sage-related and Cyber Recruiter
Today one of our clients,Marlon Revelett from TMF Health Quality Institute, made us aware of an issue that could cause a vulnerability in Abra Workforce Connections, Cyber Recruiter or other ASP.NET website. In short, the exploit can be used to reveal the contents of a site's web.config file (database server name, login and password) as well as other info.
Here are a couple of links where you can read further about the issue. We have not received communication from Sage on this issue, but will let you know once we do. Microsoft will likely push out a permanent fix in the near future, but in the mean time we wanted you to be aware.
In the second article, you will note that researchers not only released a "proof-of-concept" tool (called "POET") but they also released versions of the tool for Windows, MacOS and Linux. This raises the apparent "threat level" quite a bit since anyone can download and immediately start trying the new attack on websites.
CS3 has not tested any fixes for this issue. As with any information from the internet, please be cautious and use at your own risk.
(918)496-1600 ext 210