Security Feature Bypass Vulnerability in ASP.NET and ASP.NET Core Products
CVE-2018-8171

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Asp.net
Asp.net Core
Asp.net Mvc 5.2
Vendor
CVE Published:
11 July 2018

What is CVE-2018-8171?

A vulnerability exists in ASP.NET and ASP.NET Core that allows attackers to bypass security features related to login attempts. The issue arises when the application does not properly validate the number of incorrect login attempts, potentially enabling unauthorized access to users' accounts. This flaw could lead to a range of security risks, including account compromise and data exposure, making it essential for developers to implement robust validation measures and stay informed about security updates.

Affected Version(s)

ASP.NET Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5

ASP.NET Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3

ASP.NET Core 1.0

References

http://www.securitytracker.com/id/1041267
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104659
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.