A third party organization has identified a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to the disclosure of encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey).
To ensure your application is not exposed to such a risk, there are the following mitigation paths:
- Use a patch for versions between Q1 2013 (2013.1.220) and R2 2017 (2017.2.503).
- Use a patch for some versions between Q1 2011 (2011.1.315) and Q3 2012 SP2(2012.3.1308).
- If you are on active maintenance, upgrade to R2 2017 SP1 (2017.2.621) or later.
- Prevent access to the Telerik Dialog Handler.