Security Updates for Microsoft .NET core and ASP.NET (Bypass) (July 2018)
Medium Nessus Plugin ID 111070
SynopsisThe Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
DescriptionThe Microsoft .NET and ASP.NET installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :
- A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts. The update addresses the vulnerability by validating the number of incorrect login attempts. (CVE-2018-8171)
SolutionUpdate ASP.NET Core, remove vulnerable packages and refer to vendor advisory.