CVE-2018-8171

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
microsoftCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
microsoftasp.net_core
1.0
microsoftasp.net_core
1.1
microsoftasp.net_core
2.0
microsoftasp.net_model_view_controller
5.2
microsoftasp.net_webpages
3.2.3
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
microsoftasp.net
1.0
CNA
microsoftasp.net
1.1
CNA
microsoftasp.net
2.0
CNA
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104659
http://www.securitytracker.com/id/1041267
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
http://www.securityfocus.com/bid/104659
http://www.securitytracker.com/id/1041267
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171