Security Updates for Microsoft .NET Core and ASP.NET (Bypass) (July 2018)
Severity: Medium
Nessus Plugin ID: 111070
Synopsis
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
Description
The Microsoft .NET and ASP.NET installations on the remote host are missing a security update. They are, therefore, affected by the following vulnerability:
- A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts. The update addresses the vulnerability by validating the number of incorrect login attempts. (CVE-2018-8171)
Solution
Update ASP.NET Core, remove the vulnerable packages, and refer to the vendor advisory.