I'm seeing a lot of this error today -- goes back several hours. Anyone ever seen this one?


Invalid length for a Base-64 char array.[ at System.Convert.FromBase64String(String s) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState) at System.Web.UI.HiddenFieldPageStatePersister.Load() ]

Interesting -- anything I should be concerned about - or do something about?

I just noticed that we use Base64 strings in the Cryptography class. Best you can do to figure out what is causing the error is to add some logging statements to the core project, recompile it and then replace your existing core dll. That will tell you exactly what operation is throwing this error. However, this is definitely an exception within the BV code base and not an attack as Any suggested.

The cryptography classes are primary used to encrypt/decrypt user account, credit card and user session ID related information.

I don't know how you got there. There is no encryption or decryption going on here.



System.Web.UI.HiddenFieldPageStatePersister is used to deserialize the ASP.NET hidden fields in a post, and "Invalid length for a Base-64 char array" is the first check that the base-64 decoder performs (not decrypter). This error Joe reported literally means that one of the ASP.NET hidden fields in the post was of the wrong length to be a valid base-64 encoded character string.



On my own site I often see this error when someone tries to post a page with an SQL injection in one of the hidden field. I suspect they know that it will cause the error shown here and hope that I will try to put the troublesome field into my log table using dynamic SQL (thus invoking the injection). I don't. But I do send myself an email so I see what they tried.

But yes, as Andy said, there is nothing to worry about.