Description
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.
Source links
Additional information
Status:
Important
Defect:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=2221854
dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method
8.1 High
CVSS3