ASP.NET
CVE-2018-0785 — ASP.NET Core Cross Site Request Forgery Vulnerabilty
Moderate
2018-01 archive
Executive Summary
A Cross Site Request Forgery (CSRF) vulnerability exists when a ASP.NET Core web application is created using vulnerable project templates. An attacker who successfully exploited this vulnerability could change the recovery codes associated with the victim's user account without his/her consent. As a result, a victim of this attack may be permanently locked out of his/her account after loosing access to his/her 2FA device, as the initial recovery codes would be no longer valid. The update corrects the ASP.NET Core project templates.
Overview
Moderate
MS Severity
Not Exploited
MS Exploit Status
Exploitation Unlikely
MS Exploit Likelihood
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
1 affected product
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| ASP.NET Core 2.0 | Commit (Security Update) |
Moderate | Tampering | Yes |
Patches
1 patch
| Article | Type | Restart |
|---|---|---|
Commit |
Security Update | Yes |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
References
On This Page