Channel: Forum Microsoft Identity Manager

FIM Password Reg/Reset Portals over Internet marked as PCI Compliance Failure


Hi,

How have you handled the issue reported by a security audit of FIM2010 R2 Portals for registering and resetting passwords on the 'net? The date on the article is 2008, and the .NET assemblies are 1.0 thru 2.0, but the audit is still catching it, preventing a rollout.

 

Brief Description: Details here: http://xforce.iss.net/xforce/xfdb/44743

Microsoft ASP.NET could allow a remote attacker to bypass ValidateRequest filters and conduct cross-site scripting attacks, caused by a vulnerability that was introduced by the MS07-040 update. A remote attacker could exploit this vulnerability using a query string containing a less-than tilde slash sequence (<~/) appended with a malicious STYLE element, which would allow the attacker to bypass Request Validation and conduct cross-site scripting attacks against a vulnerable ASP.NET application.

TIA

Sunny
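
A log check for the sequence the advisory text above describes, given here as an added example that is not part of the original post. It assumes IIS W3C extended logs with a `cs-uri-query` field; the sample log lines, client addresses and page path are constructed, and the query value is an inert placeholder.

```python
import re
from urllib.parse import unquote_plus

# The sequence named in the advisory text: less-than, tilde, slash.
BYPASS_SEQ = re.compile(r"<~/")
STYLE_ATTR = re.compile(r"\bstyle\s*=", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is also caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_query(query):
    """Return 'style-bypass', 'bypass-seq' or None for one raw query string."""
    text = fully_decode(query)
    m = BYPASS_SEQ.search(text)
    if not m:
        return None
    # A STYLE attribute after the sequence matches the advisory's description.
    if STYLE_ATTR.search(text, m.end()):
        return "style-bypass"
    return "bypass-seq"

def scan_w3c_log(lines):
    """Yield (line_no, client_ip, verdict) for W3C extended log lines."""
    fields = []
    for no, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        verdict = classify_query(row.get("cs-uri-query", "-"))
        if verdict:
            yield no, row.get("c-ip", "?"), verdict

# Constructed sample log (assumption: this field order; path is a placeholder).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:00 192.0.2.10 GET /example/page.aspx lang=en 200
2024-01-01 10:00:05 192.0.2.44 GET /example/page.aspx q=%3C~/x+style%3Dplaceholder 200
2024-01-01 10:00:09 192.0.2.45 GET /example/page.aspx q=%253C~%252Fx 200
""".splitlines()
```

Hits in existing logs show whether the portals have been probed with this sequence; the check does not replace patching or output encoding in the application.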

