High severityNVD Advisory· Published Jul 11, 2018· Updated Aug 5, 2024

CVE-2018-8171

Description

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Microsoft.AspNetCore.IdentityNuGet	>= 1.0.0, < 1.0.6	1.0.6
Microsoft.AspNetCore.IdentityNuGet	>= 1.1.0, < 1.1.6	1.1.6
Microsoft.AspNetCore.IdentityNuGet	>= 2.0.0, < 2.0.4	2.0.4
Microsoft.AspNetCore.IdentityNuGet	>= 2.1.0, < 2.1.2	2.1.2

Affected products

Microsoft/Asp.netv5
Range: Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5
Microsoft/ASP.NET Corev5
Range: 1.0
Microsoft/ASP.NET MVC 5.2v5
Range: Microsoft Visual Studio 2013 Update 5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-vhvh-528q-ff3pghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2018-8171ghsaADVISORY
www.securityfocus.com/bid/104659ghsavdb-entryx_refsource_BIDWEB
www.securitytracker.com/id/1041267ghsavdb-entryx_refsource_SECTRACKWEB
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000