SuSE 10 Security Update : Mono (ZYPP Patch Number 8001)
Medium Nessus Plugin ID 58408
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThe FORMS authentication methods of mono ASP.net implementation were vulnerable to a padding oracle attack as described in CVE-2010-3332, as they did encryption after checksum.
This update changes the method to checksum after encryption to avoid this attack.
SolutionApply ZYPP patch number 8001.