Details | |
---|---|
Alert ID | 100021 |
Alert Type | Script Passive |
Status | alpha |
Risk | High |
CWE | 327 |
WASC | 13 |
Technologies Targeted | All |
Tags | CWE-327 |
More Info | Scan Rule Help |

Summary
A request has been made that appears to conform to poor cryptography used by Telerik UI for ASP.NET AJAX prior to v2017.2.621. An attacker could manipulate the value of the dp parameter to possibly learn the machine key and upload arbitrary files, which could then lead to the compromise of ASP.NET ViewStates and arbitrary code execution respectively. CVE-2017-9248 has a CVSSv3 score of 9.8.