Troy Goode

Massive Security Hole

A massive security hole in was just revealed that allows anyone to see your passwords... Danny Douglass just added a post to his blog where he explains the issue and provides a patched BlogEngine.Core assembly to resolve the issue until the next release of BlogEngine is available.

I would advise anyone running to immediately go to Danny's blog and download & install the fix.

The faster we can get word out about this, the faster we can shut down this particular attack vector, so please try and get the word out to any users you are aware of and please kick Danny's post at DotNetKicks.

Thanks Danny!