Keep up to date with the latest News Bulletins and Security Alerts that could affect your website
The default web.config files distributed with DNN include an embedded Machine Key value (both ValidationKey and DecryptionKey). Under certain circumstances these values may not be updated during the installation/upgrade process, which allows an attacker to forge arbitrary ASP.NET forms authentication tickets that can then be used to circumvent all security within a DNN installation. This issue was confirmed to affect the production instance of DNN used on the DNN Homepage (www.dotnetnuke.com). Learn more about this exploit and how to fix it by visiting the Gotham Digital Science website.
Additional information can be found in the official DotNetNuke Security Bulletin.
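One way to check an installation for the condition described above, as an added example that is not code from DNN or from the bulletin: it compares the machineKey in a deployed web.config with the one in the web.config shipped in the distribution package and reports any key that was never regenerated. The sample configs, their key values and the function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey")

# Constructed stand-in for the web.config shipped in the install package.
# The key values are placeholders, not real DNN defaults.
SHIPPED_CONFIG = """<configuration><system.web>
  <machineKey validationKey="AAAA1111PLACEHOLDER" decryptionKey="BBBB2222PLACEHOLDER" />
</system.web></configuration>"""

# Constructed stand-in for a deployed site's web.config where only the
# decryption key was regenerated during installation.
INSTALLED_CONFIG = """<configuration><system.web>
  <machineKey validationKey="aaaa1111placeholder" decryptionKey="CCCC3333PLACEHOLDER" />
</system.web></configuration>"""


def machine_keys(config_xml):
    """Return the explicit machineKey values in a web.config, normalised."""
    root = ET.fromstring(config_xml)
    node = next(root.iter("machineKey"), None)
    keys = {}
    if node is None:
        return keys
    for attr in KEY_ATTRS:
        # Hex keys are case-insensitive, so compare them upper-cased.
        value = (node.get(attr) or "").strip().upper()
        # "AutoGenerate..." means ASP.NET derives the key itself; nothing embedded.
        if value and not value.startswith("AUTOGENERATE"):
            keys[attr] = value
    return keys


def unchanged_keys(installed_xml, shipped_xml):
    """List machineKey attributes whose installed value equals the shipped one."""
    installed = machine_keys(installed_xml)
    shipped = machine_keys(shipped_xml)
    return [a for a in KEY_ATTRS if a in installed and installed[a] == shipped.get(a)]


if __name__ == "__main__":
    stale = unchanged_keys(INSTALLED_CONFIG, SHIPPED_CONFIG)
    if stale:
        print("machineKey still uses distributed value(s):", ", ".join(stale))
    else:
        print("machineKey values differ from the distributed web.config")
```

Any attribute this reports should be replaced with a freshly generated value; existing forms authentication tickets become invalid once the key changes.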