Description

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Remediation

References

CVE-2018-8171

Related Vulnerabilities

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9685)

WordPress Plugin Email newsletter Cross-Site Scripting (20.13.6)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3313)

WordPress Plugin Site Analytics Multiple Vulnerabilities (1.4.3)

Joomla Improper Input Validation Vulnerability (CVE-2015-8565)

Severity

High

Classification

CVE-2018-8171 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities