Massive BlogEngine.net Security Hole
13 Apr 2008A massive security hole in BlogEngine.net was just revealed that allows anyone to see your passwords... Danny Douglass just added a post to his blog where he explains the issue and provides a patched BlogEngine.Core assembly to resolve the issue until the next release of BlogEngine is available.
I would advise anyone running BlogEngine.net to immediately go to Danny's blog and download & install the fix.
The faster we can get word out about this, the faster we can shut down this particular attack vector, so please try and get the word out to any BlogEngine.net users you are aware of and please kick Danny's post at DotNetKicks.
Thanks Danny!