Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZodmgtNTI4cS1mZjNw
Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Permalink: https://github.com/advisories/GHSA-vhvh-528q-ff3pJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZodmgtNTI4cS1mZjNw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-vhvh-528q-ff3p, CVE-2018-8171
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-8171
- https://github.com/advisories/GHSA-vhvh-528q-ff3p
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
- http://www.securityfocus.com/bid/104659
- http://www.securitytracker.com/id/1041267
Affected Packages
nuget:Microsoft.AspNetCore.Identity
Dependent packages: 0Dependent repositories: 0
Downloads: 105,282,645 total
Affected Version Ranges: >= 2.1.0, <= 2.1.1, >= 2.0.0, <= 2.0.3, >= 1.1.0, <= 1.1.5, >= 1.0.0, <= 1.0.5
Fixed in: 2.1.2, 2.0.4, 1.1.6, 1.0.6
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1
All unaffected versions: 1.0.6, 1.1.6, 2.0.4, 2.1.2, 2.1.3, 2.1.6, 2.1.31, 2.1.39, 2.2.0