se ha descubierto un nuevo bug de seguridad en asp.net el cual pueden peligrar nuestras aplicaciones de autentificacion ojo con este mas vale que lo lean...Microsoft is continuing to investigate a reported vulnerability in Microsoft ASP.NET. Reports have indicated that an attacker could send specially crafted requests to a Web server running ASP.NET applications and bypass forms based authentication or Windows authorization configurations, and potentially view secured content without providing the proper credentials. Our initial investigation has revealed that all versions of ASP.NET could be affected, independent of the installed IIS version or IIS components.
sigue aqui...
http://www.microsoft.com/security/incident/aspnet.mspx
y yo que queria ando haciendo algo de autentificacion
