Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZodmgtNTI4cS1mZjNw

Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Permalink: https://github.com/advisories/GHSA-vhvh-528q-ff3p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZodmgtNTI4cS1mZjNw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago


CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Percentage: 0.00424
EPSS Percentile: 0.74616

Identifiers: GHSA-vhvh-528q-ff3p, CVE-2018-8171
References: Blast Radius: 1.0

Affected Packages

nuget:Microsoft.AspNetCore.Identity
Dependent packages: 344
Dependent repositories: 0
Downloads: 113,038,657 total
Affected Version Ranges: >= 2.1.0, <= 2.1.1, >= 2.0.0, <= 2.0.3, >= 1.1.0, <= 1.1.5, >= 1.0.0, <= 1.0.5
Fixed in: 2.1.2, 2.0.4, 1.1.6, 1.0.6
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1
All unaffected versions: 1.0.6, 1.1.6, 2.0.4, 2.1.2, 2.1.3, 2.1.6, 2.1.31, 2.1.39, 2.2.0