NuGet package
microsoft.aspnetcore.identity
pkg:nuget/microsoft.aspnetcore.identity
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24070 | — | >= 2.3.0, < 2.3.1 | 2.3.1 | Mar 11, 2025 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2023-33170 | — | < 2.1.39 | 2.1.39 | Jul 11, 2023 | ASP.NET and Visual Studio Security Feature Bypass Vulnerability | ||
| CVE-2018-8171 | Hig | 7.5 | >= 1.0.0, < 1.0.6 | 1.0.6 | Jul 11, 2018 | A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. |
- CVE-2025-24070Mar 11, 2025affected >= 2.3.0, < 2.3.1fixed 2.3.1
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- CVE-2023-33170Jul 11, 2023affected < 2.1.39fixed 2.1.39
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
- affected >= 1.0.0, < 1.0.6fixed 1.0.6
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.