CVE-2018-8171

CVE Database · CVE-2018-8171

CVE-2018-8171

· N/AModified

CVSS v3.1

N/A

EPSS

9.83%

Published

Jul 10, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Weaknesses (CWE)

CWE-287

Affected Products (5)

microsoft · asp.net_corevulnerable

microsoft · asp.net_model_view_controllervulnerable

microsoft · asp.net_webpagesvulnerable

References (6)

http://www.securityfocus.com/bid/104659

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041267

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171