Vulnerability Description
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Asp.Net Core | 1.0 |
| Microsoft | Asp.Net Model View Controller | 5.2 |
| Microsoft | Asp.Net Webpages | 3.2.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104659Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041267Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171PatchVendor Advisory
- http://www.securityfocus.com/bid/104659Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041267Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171PatchVendor Advisory
FAQ
What is CVE-2018-8171?
CVE-2018-8171 is a vulnerability with a CVSS score of 7.5 (HIGH). A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.N...
How severe is CVE-2018-8171?
CVE-2018-8171 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-8171?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Asp.Net Core, Microsoft Asp.Net Model View Controller, Microsoft Asp.Net Webpages.