A major security vulnerability was discovered in ASP.net last week and Microsoft has released a workaround to fix this issue. Using this vulnerability a hacker can gain access to any files in a web server which includes web.config file which mostly contains sensitive data.
I would recommend all of those who are working on ASP.Net application to read this:
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
_
Silent Killer 