Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated

GHSA-vhvh-528q-ff3p · CVE-2018-8171

Published Oct 16, 2018 · Modified Nov 8, 2023

Description

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-8171
ADVISORY https://github.com/advisories/GHSA-vhvh-528q-ff3p
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
WEB http://www.securityfocus.com/bid/104659
WEB http://www.securitytracker.com/id/1041267

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes