{"id":"CVE-2018-8171","details":"A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.","aliases":["GHSA-vhvh-528q-ff3p"],"modified":"2026-05-28T04:04:48.904454008Z","published":"2018-07-11T00:29:00.320Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"5.2"}],"cpes":["cpe:2.3:a:microsoft:asp.net_model_view_controller:5.2:*:*:*:*:*:*:*"],"vendor_product":"microsoft:asp.net_model_view_controller","source":"CPE_STRING"},{"extracted_events":[{"last_affected":"3.2.3"}],"cpes":["cpe:2.3:a:microsoft:asp.net_webpages:3.2.3:*:*:*:*:*:*:*"],"vendor_product":"microsoft:asp.net_webpages","source":"CPE_STRING"}]},"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104659"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041267"},{"type":"FIX","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotnet/aspnetcore","events":[{"introduced":"0"},{"last_affected":"93ef04d69d1f1a189e9c342f656e85af50a14bb6"},{"last_affected":"f79e4a22cabfa3c72c5f0e7c8d302a977dba61b2"},{"last_affected":"999787ace6778fae7ddb77178052231d7351f706"}],"database_specific":{"source":"CPE_STRING","cpe":["cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*","cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*","cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.0"},{"last_affected":"1.1"},{"last_affected":"2.0"}]}}],"versions":["2.0.0","2.0.0-preview2","2.0.0-preview1","1.1.3","1.1.2","1.0.5","1.1.1","1.0.4","1.0.3","1.1.0","1.1.0-preview1","1.0.0","1.0.1","1.0.0-rc2-final","1.0.0-rc2","v1.0.0-rc1-update1","v1.0.0-rc1-final","v1.0.0-beta8","v1.0.0-beta7","v1.0.0-beta6","v1.0.0-beta5","v1.0.0-beta4","v1.0.0-alpha3","v1.0.0-alpha2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-8171.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}