Looking for ASP.NET Generic Oracle Padding Vulnerability fix

Tim Davis 0 Reputation points

Is there a way to fix the Generic Padding Oracle vulnerability on an ASP.NET website using MVC that targets .NET Framework 4.8? I've tried downloading the patch from 2010 through Windows Update, but it doesn't seem to be available. I also attempted the workaround with customErrors on Scott Guthrie's blog, but it didn't work. Are there any other solutions I can try to either eliminate the vulnerability or confirm it's a false positive? Thank you.

A set of technologies in the .NET Framework for building web applications and XML web services.
3,381 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,764 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Lan Huang-MSFT 28,111 Reputation points Microsoft Vendor

    Hi @Tim Davis,

    According to Microsoft Security Bulletin MS10-070 this vulnerability was introduced in 2010 in Microsoft .NET Framework 3.5 Service Pack 1 resolved after Microsoft .NET Framework version 4.0.

    Best regards,
    Lan Huang

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments