In September 2012 NCC Group noted a security issue relating to the use of ASP.NET forms authentication in a shared/cloud hosting environment, which could potentially allow an attacker to successfully authenticate to an application for which they do not have valid credentials. This threat brief will discuss this issue in more details on the attacks and provide advice on ways to protect yourself against this type of attack.
