Important 2018-07 archive

Executive Summary

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts. The update addresses the vulnerability by validating the number of incorrect login attempts.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Exploitation Unlikely
MS Exploit Likelihood
Category Security Feature Bypass
Released Jul 10 2018
Last Updated Jul 10 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

7 affected products
Product KB Article Severity Impact Restart Required
ASP.NET Core 1.0 Commit (Security Update) Important Security Feature Bypass Unknown
ASP.NET Core 1.1 Commit (Security Update) Important Security Feature Bypass Unknown
ASP.NET Core 2.0 Commit (Security Update) Important Security Feature Bypass Unknown
ASP.NET MVC 5.2 on Microsoft Visual Studio 2013 Update 5 4339279 (Security Update) Important Security Feature Bypass Maybe
ASP.NET MVC 5.2 on Microsoft Visual Studio 2015 Update 3 4339279 (Security Update) Important Security Feature Bypass Maybe
ASP.NET Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5 4339279 (Security Update) Important Security Feature Bypass Maybe
ASP.NET Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3 4339279 (Security Update) Important Security Feature Bypass Maybe

Patches

2 patches
Article Type Restart
Commit Security Update Unknown
4339279 Security Update Maybe

Known Exploits

Acknowledgments