Toby Beaumont has reported a vulnerability in ASP.NET, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a canonicalization error within the .NET authentication schema. This can be exploited to bypass forms based authentication or Windows authorization configurations by using a specially crafted URL.