General Information

Execution of Signed Dormant Server Controls via Cache Reuse

Variants:
Direct 

Also Known As:
EoDSeC

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
ASP.Net, Mono, JSF

Target Type:
Web Application

Affected Mechanisms:
Privilege Validation, Digital Signatures, Web Application Configuration

Invented In:
15/03/2013

Added In:
04/12/2014


Vector Operation Method:
Execute dormant events of invisible or disabled server-side web controls in signature-protected locations by reusing signed ViewState and EventValidation fields obtained from a web cache or user cache.


Direct Variant:

Variant Title:
Execution of Signed Dormant Server Controls via Cache Reuse

Typical Severity:
Major
