VAR-201807-2080
Vulnerability from variot - Updated: 2023-12-18 13:28A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. Microsoft ASP.NET is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to make unlimited login requests. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-2080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net mvc",
"scope": "eq",
"trust": 1.7,
"vendor": "microsoft",
"version": "5.2"
},
{
"model": "asp.net webpages",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "3.2.3"
},
{
"model": "asp.net web pages",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "3.2.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.2"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15445"
},
{
"db": "BID",
"id": "104659"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"db": "NVD",
"id": "CVE-2018-8171"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_webpages:3.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8171"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin Knafve",
"sources": [
{
"db": "BID",
"id": "104659"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8171",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-8171",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-15445",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-8171",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8171",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-15445",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-881",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15445"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"db": "NVD",
"id": "CVE-2018-8171"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. Microsoft ASP.NET is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to make unlimited login requests. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8171"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"db": "CNVD",
"id": "CNVD-2018-15445"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-881"
},
{
"db": "BID",
"id": "104659"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8171",
"trust": 3.3
},
{
"db": "BID",
"id": "104659",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1041267",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007985",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-15445",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201807-881",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15445"
},
{
"db": "BID",
"id": "104659"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"db": "NVD",
"id": "CVE-2018-8171"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
]
},
"id": "VAR-201807-2080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15445"
}
],
"trust": 0.81178882
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15445"
}
]
},
"last_update_date": "2023-12-18T13:28:49.812000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-8171 | ASP.NET Security Feature Bypass Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8171"
},
{
"title": "CVE-2018-8171 | ASP.NET \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-8171"
},
{
"title": "Patch for Microsoft ASP.NET Core Security Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/137603"
},
{
"title": "Microsoft ASP.NET Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81945"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15445"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"db": "NVD",
"id": "CVE-2018-8171"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8171"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/104659"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1041267"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8171"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180711-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180028.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8171"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/net/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15445"
},
{
"db": "BID",
"id": "104659"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"db": "NVD",
"id": "CVE-2018-8171"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-15445"
},
{
"db": "BID",
"id": "104659"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"db": "NVD",
"id": "CVE-2018-8171"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15445"
},
{
"date": "2018-07-10T00:00:00",
"db": "BID",
"id": "104659"
},
{
"date": "2018-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"date": "2018-07-11T00:29:00.320000",
"db": "NVD",
"id": "CVE-2018-8171"
},
{
"date": "2018-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15445"
},
{
"date": "2018-07-10T00:00:00",
"db": "BID",
"id": "104659"
},
{
"date": "2018-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007985"
},
{
"date": "2021-06-30T16:52:59.210000",
"db": "NVD",
"id": "CVE-2018-8171"
},
{
"date": "2021-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Vulnerabilities bypassing security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007985"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-881"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…