Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
News › Security Policy › Security Bulletin no.14 Register  |  

$4.95 Windows Hosting at Webhost4life.com
Version information leakage

Published: May 27, 2008

Version: 1.0

Maximum Severity Rating: Low

Background

Whilst installing DotNetNuke a number of files are used to coordinate the intallation or upgrade of a portal.

Issue Summary

Whilst these files are necessary for installation/upgrade of DotNetNuke, they are left behind after the process finishes. Potential hackers can use these files to determine what version of DotNetNuke is running. This information could help them to target versions with known security issues, anf therefore, need to be removed to protect against security profiling.

Mitigating factors

N/A

Affected DotNetNuke versions

3.0 - 4.8.2 inclusive.

Non-Affected Versions:

All other versions

Fix(s) for issue

To fix this problem, you are recommended to update to the latest version of DotNetNuke (4.8.3 at time of writing).

If you are unable to upgrade to the latest version, you can alternatively remove all of the *.txt files from the /Portals/_default folder. This will protect your site from being susceptible to automated security scanners or other probing tools typically used by malicious parties.

Acknowledgments

 

Security Policy


Click here to read more details on the DotNetNuke Security Policy
 


Alki Homes - Seattle, WA
Exemplary service for your Seattle Real Estate needs. It's what you deserve from your Realtor®!
www.alkihomes.com 		PointClick DotNetNuke Solutions
PointClick Technologies provides high-end DNN Hosting for businesses.
PointClick.Net Hosted Solutions 		Active Modules, Inc.
Creators of Active Forums, the best forum module for DotNetNuke
www.activemodules.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP