Lucene search
MicrosoftMS:CVE-2018-0785HistoryJan 09, 2018 - 8:00 a.m.
ASP.NET Core Cross Site Request Forgery Vulnerabilty
2018-01-0908:00:00
Microsoft
msrc.microsoft.com
14
0.003 Low
EPSS
Percentile
65.4%
A Cross Site Request Forgery (CSRF) vulnerability exists when a ASP.NET Core web application is created using vulnerable project templates.
An attacker who successfully exploited this vulnerability could change the recovery codes associated with the victim’s user account without his/her consent. As a result, a victim of this attack may be permanently locked out of his/her account after loosing access to his/her 2FA device, as the initial recovery codes would be no longer valid.
The update corrects the ASP.NET Core project templates.
Related
cvelist
cvelist
CVE-2018-0785
2018-01-09 00:00:00
symantec
symantec
prion
prion
Cross site request forgery (csrf)
2018-01-10 01:29:00
cve
cve
CVE-2018-0785
2018-01-10 01:29:00
osv
osv
CVE-2018-0785
2018-01-10 01:29:00
nessus
nessus
Security Update for ASP.NET Core January 2018
2018-01-13 00:00:00
openvas
openvas
ASP.NET Core Multiple Vulnerabilities - Windows
2018-02-27 00:00:00
kaspersky
kaspersky
KLA11172 Multiple vulnerabilities in Microsoft Development Tools
2018-01-09 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - January 2018
2018-01-09 13:36:00
trendmicroblog
trendmicroblog