First published: Wed Jul 11 2018(Updated: )
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft ASP.NET Core | =1.0 | |
Microsoft ASP.NET Core | =1.1 | |
Microsoft ASP.NET Core | =2.0 | |
Microsoft ASP.NET Model View Controller | =5.2 | |
Microsoft Asp.net Webpages | =3.2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-8171 is a Security Feature Bypass vulnerability in ASP.NET when the number of incorrect login attempts is not validated.
CVE-2018-8171 affects ASP.NET, ASP.NET Core 1.0, ASP.NET Core 1.1, ASP.NET Core 2.0, and ASP.NET MVC 5.2.
CVE-2018-8171 has a severity rating of 7.5 (high).
To fix CVE-2018-8171, apply the necessary security updates provided by Microsoft.
You can find more information about CVE-2018-8171 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/104659), [SecurityTracker](http://www.securitytracker.com/id/1041267), and [Microsoft Security Guidance](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171).