Description

A third-party organization has identified a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey).

Remediation

To ensure your application is not exposed to this risk, the following mitigation paths are available:

  • Use a patch for versions between Q1 2013 (2013.1.220) and R2 2017 (2017.2.503).
  • Use a patch for some versions between Q1 2011 (2011.1.315) and Q3 2012 SP2 (2012.3.1308).
  • If you are on active maintenance, upgrade to R2 2017 SP1 (2017.2.621) or later.
  • Prevent access to the Telerik Dialog Handler.
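
The version ranges above can be turned into a triage check for an inventory of deployed Telerik.Web.UI.dll versions; this is an added example, not vendor code. It assumes the range endpoints are inclusive and that an optional fourth version component (a framework suffix such as `.45`) can be ignored; the status names and the sample inventory are constructed for illustration.

```python
import re

# Version boundaries copied from the remediation list (endpoints assumed inclusive).
PATCH_2013_2017 = ((2013, 1, 220), (2017, 2, 503))   # patch available
PATCH_2011_2012 = ((2011, 1, 315), (2012, 3, 1308))  # patch exists for some versions only
UPGRADE_TARGET = (2017, 2, 621)                       # R2 2017 SP1

# Hypothetical status names mapped to the advisory's mitigation paths.
ACTIONS = {
    "at-or-above-upgrade-target": "no patch needed per the advisory's upgrade path",
    "patch-available": "apply the patch for Q1 2013 - R2 2017",
    "patch-for-some-versions": "confirm a patch exists for this exact version, else upgrade or block the handler",
    "no-listed-patch": "upgrade (active maintenance) or prevent access to the Dialog Handler",
}

def parse_version(text):
    """Return (year, release, build) from '2015.3.1111' or '2015.3.1111.45'."""
    m = re.fullmatch(r"\s*(\d{4})\.(\d+)\.(\d+)(?:\.\d+)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(version_text):
    """Classify one assembly version against the advisory's ranges."""
    v = parse_version(version_text)
    if v >= UPGRADE_TARGET:
        return "at-or-above-upgrade-target"
    if PATCH_2013_2017[0] <= v <= PATCH_2013_2017[1]:
        return "patch-available"
    if PATCH_2011_2012[0] <= v <= PATCH_2011_2012[1]:
        return "patch-for-some-versions"
    # Older than Q1 2011, or falling in a gap between the listed ranges.
    return "no-listed-patch"

def report(inventory):
    """Map each deployment path to (status, recommended action)."""
    return {path: (triage(ver), ACTIONS[triage(ver)]) for path, ver in inventory.items()}

# Constructed sample inventory: application path -> file version of Telerik.Web.UI.dll.
SAMPLE_INVENTORY = {
    "/sites/intranet/bin": "2015.3.1111.45",
    "/sites/legacy/bin": "2012.1.411.35",
    "/sites/portal/bin": "2017.2.711.45",
    "/sites/archive/bin": "2010.3.1109.35",
}

if __name__ == "__main__":
    for path, (status, action) in report(SAMPLE_INVENTORY).items():
        print(f"{path}: {status} -> {action}")
```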
