CVE-2018-8171 – microsoft.aspnetcore.identity

Package

Manager: nuget
Name: microsoft.aspnetcore.identity
Vulnerable Version: >=1.0.0 <=1.0.5 || >=1.1.0 <=1.1.5 || >=2.0.0 <=2.0.3 || >=2.1.0 <=2.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.11501 pctl0.93356

Details

Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Metadata

Created: 2018-10-16T19:56:50Z
Modified: 2022-04-26T19:05:55Z
Source: MANUAL
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-vhvh-528q-ff3p
Finding: F006
Auto approve: 1