HIGH 7.5
GHSA-vhvh-528q-ff3p
Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated
Details
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Are you affected?
Enter the version of the package you're using.
Affected packages
NuGet / Microsoft.AspNetCore.Identity
Introduced in:
1.0.0 Fixed in: 1.0.6 Fix
dotnet add package Microsoft.AspNetCore.Identity --version 1.0.6 NuGet / Microsoft.AspNetCore.Identity
Introduced in:
1.1.0 Fixed in: 1.1.6 Fix
dotnet add package Microsoft.AspNetCore.Identity --version 1.1.6 NuGet / Microsoft.AspNetCore.Identity
Introduced in:
2.0.0 Fixed in: 2.0.4 Fix
dotnet add package Microsoft.AspNetCore.Identity --version 2.0.4 NuGet / Microsoft.AspNetCore.Identity
Introduced in:
2.1.0 Fixed in: 2.1.2 Fix
dotnet add package Microsoft.AspNetCore.Identity --version 2.1.2