This severe vulnerability to ASP.Net is currently being exploited so Microsoft had to act fast since an attacker can easily decrypt cookies, view states, form authentication tickets, membership password, user data, and anything else encrypted using the ASP.NET framework’s API. Read more about the flaw and how to fix it.