How to prevent access to the Telerik Dialog Handler in IIS
arpan das
1
Reputation point
a cryptographic weakness (CVE-2017-9248) has been identified in Telerik.Web.UI.dll that can be exploited to the disclosure of encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey).
Instead of doing a version upgrade I want to restrict the Telerik DialogHandler via IIS handler mapping or with appcmd set config.
link: https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness#prevent-access
Can it be done ? If yes please let me know the process.
Thank you in advance.
Sign in to answer