I just became aware of an article [1] that points to security problems with the ASP.NET component in Microsoft's version of the StockTrader sample app and want to bring it to everyone's attention. As Greg Leake (the original author of the StockTrader contribution at Microsoft) notes in the comments, he will address these problems quickly, and we will make sure the fixes are propagated to Stonehenge.
Others might check whether there are similar vulnerabilities in the other contributed apps.

Michael Champion

[1] http://www.gdssecurity.com/l/b/2009/02/05/net-stocktrader-from-msdn-the-new-webgoat/
