CVE-2018-8171
Last modified
CVE-2018-8171 is a vulnerability of currently unknown severity. A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.. EPSS estimates a 9.83% chance of exploitation in the next 30 days.
Description
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Asp.Net Core | 1.0 |
| Microsoft | Asp.Net Core | 1.1 |
| Microsoft | Asp.Net Core | 2.0 |
| Microsoft | Asp.Net Model View Controller | 5.2 |
| Microsoft | Asp.Net Webpages | 3.2.3 |
References
- http://www.securityfocus.com/bid/104659Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041267Third Party Advisory, VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171Patch, Vendor Advisory
- http://www.securityfocus.com/bid/104659Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1041267Third Party Advisory, VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-8171?
How severe is CVE-2018-8171?
How do I fix CVE-2018-8171?
Are you affected by CVE-2018-8171?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST