CVE-2018-8171

HIGH7.5EPSS 7.8%

Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated

發布日:2018/10/16修改日:2023/11/8

描述

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

受影響套件(1)

NuGet/Microsoft.AspNetCore.Identity>= 1.0.0, < 1.0.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

參考連結(5)

ADVISORYhttps://github.com/advisories/GHSA-vhvh-528q-ff3p
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-8171
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
WEBhttp://www.securityfocus.com/bid/104659
WEBhttp://www.securitytracker.com/id/1041267