They created a tool (the Padding Oracle Exploit Tool or POET), that can repeatedly modify an ASP.NET Forms Authentication cookie encrypted using AES and, by examining the errors returned, determine the Machine Key used to encrypt the cookie.
The process is claimed to be 100 percent reliable and takes between 30 and 50 minutes for any site.
Here is the link to the youtube demostration :
And here is the info to mitigate this vulnerability:
Update your sites!!!