Описание
ASP.NET Security Feature Bypass Vulnerability
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated.
An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts.
The update addresses the vulnerability by validating the number of incorrect login attempts.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| ASP.NET Core 2.0 | ||
| ASP.NET Core 1.1 | ||
| ASP.NET Core 1.0 | ||
| ASP.NET MVC 5.2 on Microsoft Visual Studio 2013 Update 5 | ||
| ASP.NET MVC 5.2 on Microsoft Visual Studio 2015 Update 3 | ||
| ASP.NET Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5 | ||
| ASP.NET Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated
EPSS