Description
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.
Source links
Additional information
Status:
Important
Defect:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=2221854
dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method
EPSS
Percentile: 45%
0.00225
Low
8.1 High
CVSS3