High severity7.5NVD Advisory· Published Jul 11, 2018· Updated Jun 17, 2026
CVE-2018-8171
CVE-2018-8171
Description
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.AspNetCore.IdentityNuGet | >= 1.0.0, < 1.0.6 | 1.0.6 |
Microsoft.AspNetCore.IdentityNuGet | >= 1.1.0, < 1.1.6 | 1.1.6 |
Microsoft.AspNetCore.IdentityNuGet | >= 2.0.0, < 2.0.4 | 2.0.4 |
Microsoft.AspNetCore.IdentityNuGet | >= 2.1.0, < 2.1.2 | 2.1.2 |
Affected products
4- Range: Microsoft Visual Studio 2013 Update 5
Patches
Vulnerability mechanics
References
5- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171nvdPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/104659nvdThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1041267nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-vhvh-528q-ff3pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-8171ghsaADVISORY
News mentions
0No linked articles in our index yet.