ASP.NET and the Padding Oracle Attack

UPDATE: Read my final analysis and wrap-up here: http://securitythroughabsurdity.com/2010/09/aspnet-and-padding-oracle-attack-wrap.html
The Padding Oracle attack affects all block ciphers that are configured to use CBC + PKCS7, and it has been demonstrated that both AES and 3DES are vulnerable to this attack in ASP.NET. Once the machine key is recovered, it appears that the Forms Auth tickets (and any other encrypted element) can be decrypted and re-encrypted, allowing a full compromise of any ASP.NET web site that relies on Forms Authentication. Additionally, MS revealed that on Framework 3.5+, even arbitrary files could be retrieved from the web server due to this vulnerability, though I'm not clear as to why this would be possible:
"If the ASP.Net application is using ASP.Net 3.5 SP1 or above, the attacker could use this encryption vulnerability to request the contents of an arbitrary file. The public disclosure demonstrated using this technique to retrieve the contents of web.config. Any file which the worker process has access to will be returned to the attacker."
Watch this video on YouTube, POET vs ASP.NET: DotNetNuke, to see DotNetNuke using 3DES getting Pwnt with Custom Errors OFF.
It appears from the video that if Custom Errors are ON, then the Oracle isn't present and the attack may not succeed.
This is a serious vulnerability for ASP.NET web sites that have CustomErrors set to 'Off'. Out of the box ASP.NET is secure, as its default setting is 'RemoteOnly'.
More information, as well as a script to detect web sites with CustomErrors set to 'Off', here: http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
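A local audit for the setting discussed above, as an added example (this is not the Microsoft script linked above and not code from this post): it parses web.config text and reports every scope where customErrors mode is 'Off'. The file names and XML in SAMPLES are constructed, and treating a missing customErrors element as 'RemoteOnly' is an assumption that ignores values inherited from a parent configuration file.

```python
import xml.etree.ElementTree as ET

DEFAULT_MODE = "RemoteOnly"  # the out-of-the-box setting named in the post

# Constructed sample web.config contents (not taken from any real site).
SAMPLES = {
    "site-a/web.config": '<configuration><system.web>'
        '<customErrors mode="Off"/></system.web></configuration>',
    "site-b/web.config": '<configuration xmlns="urn:example:constructed"><system.web>'
        '<customErrors mode="On" defaultRedirect="~/error.html"/></system.web></configuration>',
    "site-c/web.config": '<configuration><system.web>'
        '<authentication mode="Forms"/></system.web></configuration>',
    "site-d/web.config": '<configuration><system.web><customErrors mode="RemoteOnly"/>'
        '</system.web><location path="admin"><system.web><customErrors mode="Off"/>'
        '</system.web></location></configuration>',
}

def local(tag):
    """Strip an XML namespace so namespaced config files match too."""
    return tag.rsplit("}", 1)[-1]

def child(node, name):
    """First direct child with the given local tag name, or None."""
    return next((c for c in node if local(c.tag) == name), None)

def custom_errors_modes(xml_text):
    """Return [(scope, mode)] for the root and each <location> override."""
    root = ET.fromstring(xml_text)
    scopes = [("(root)", root)]
    scopes += [(c.get("path", ""), c) for c in root if local(c.tag) == "location"]
    found = []
    for scope, node in scopes:
        web = child(node, "system.web")
        elem = child(web, "customErrors") if web is not None else None
        if elem is not None:
            found.append((scope, elem.get("mode", DEFAULT_MODE)))
        elif scope == "(root)":
            found.append((scope, DEFAULT_MODE))  # assumption: nothing inherited
    return found

def audit(configs):
    """Sorted (file, scope) pairs where detailed errors reach remote clients."""
    return sorted((name, scope) for name, text in configs.items()
                  for scope, mode in custom_errors_modes(text) if mode == "Off")

if __name__ == "__main__":
    for name, scope in audit(SAMPLES):
        print(f"{name}: customErrors mode='Off' at {scope}")
```

To check real files, build the dictionary passed to audit() from the web.config files found under the web root.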