ASP.NET Core Cross Site Request Forgery Vulnerability - CVE-2018-0785ID: oval:org.secpod.oval:def:43463 | Date: (C)2018-01-11 (M)2023-11-29 |
Class: VULNERABILITY | Family: windows |
A Cross Site Request Forgery (CSRF) vulnerability exists when a ASP.NET Core web application is created using vulnerable project templates. An attacker who successfully exploited this vulnerability could change the recovery codes associated with the victim's user account without his/her consent. As a result, a victim of this attack may be permanently locked out of his/her account after loosing access to his/her 2FA device, as the initial recovery codes would be no longer valid. The update corrects the ASP.NET Core project templates.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Microsoft ASP .NET core 2.0 |