CVE-2018-8171

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Asp.net; Asp.net Core; Asp.net Mvc 5.2
Vendor: CVE Published:; 11 July 2018

Summary

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Affected Version(s)

ASP.NET Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5

ASP.NET Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3

ASP.NET Core 1.0

References

http://www.securitytracker.com/id/1041267

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/104659

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2018
Vulnerability Reserved
Mar 14, 2018

Collectors

NVD DatabaseMitre Database

.