Internet Information Services
Microsoft web server software.
1,575 questions
How to prevent access to the Telerik Dialog Handler in IIS
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 74%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
arpan das
1
Reputation point
a cryptographic weakness (CVE-2017-9248) has been identified in Telerik.Web.UI.dll that can be exploited to the disclosure of encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey).
Instead of doing a version upgrade I want to restrict the Telerik DialogHandler via IIS handler mapping or with appcmd set config.
link: https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness#prevent-access
Can it be done ? If yes please let me know the process.
Thank you in advance.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 88%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)
HuryShen - MSFT 321 Reputation points2021-08-04T02:58:11.41+00:00 It seems the link you provided shows the solution of your requirement. What else do you want to implement ?
Sign in to comment