Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZodmgtNTI4cS1mZjNw
Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Permalink: https://github.com/advisories/GHSA-vhvh-528q-ff3pJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZodmgtNTI4cS1mZjNw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Percentage: 0.00424
EPSS Percentile: 0.74616
Identifiers: GHSA-vhvh-528q-ff3p, CVE-2018-8171
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-8171
- https://github.com/advisories/GHSA-vhvh-528q-ff3p
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
- http://www.securityfocus.com/bid/104659
- http://www.securitytracker.com/id/1041267
Affected Packages
nuget:Microsoft.AspNetCore.Identity
Dependent packages: 344Dependent repositories: 0
Downloads: 113,038,657 total
Affected Version Ranges: >= 2.1.0, <= 2.1.1, >= 2.0.0, <= 2.0.3, >= 1.1.0, <= 1.1.5, >= 1.0.0, <= 1.0.5
Fixed in: 2.1.2, 2.0.4, 1.1.6, 1.0.6
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1
All unaffected versions: 1.0.6, 1.1.6, 2.0.4, 2.1.2, 2.1.3, 2.1.6, 2.1.31, 2.1.39, 2.2.0