CVE-2018-8171
Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated
7.5
HIGH
CVSS 3.1
EPSS 7.8%
Description
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
How to fix CVE-2018-8171
To remediate CVE-2018-8171, upgrade the affected package to a fixed version below.
- —upgrade to 1.0.6 or later
Is CVE-2018-8171 being exploited?
Moderate — EPSS is 7.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- >= 1.0.0, < 1.0.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |