CVE-2018-8171

Summary

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Affected Software

VendorProductVersion RangeStatus
MicrosoftASP.NETWeb Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5affected
MicrosoftASP.NETWeb Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3affected
MicrosoftASP.NET Core1.0affected
MicrosoftASP.NET Core1.1affected
MicrosoftASP.NET Core2.0affected
MicrosoftASP.NET MVC 5.2Microsoft Visual Studio 2013 Update 5affected
MicrosoftASP.NET MVC 5.2Microsoft Visual Studio 2015 Update 3affected

Weaknesses

  • Security Feature Bypass

ADP Enrichment

CVE Program Container

Additional References

References