Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka .NET Security Feature Bypass Vulnerability.
Weakness
The product does not validate, or incorrectly validates, a certificate.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| .net_core | Microsoft | 1.0 (including) | 1.0 (including) |
| .net_core | Microsoft | 2.0 (including) | 2.0 (including) |
| Powershell_core | Microsoft | 6.0 (including) | 6.0 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://www.securityfocus.com/bid/102380
- http://www.securitytracker.com/id/1040152
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786
- http://www.securityfocus.com/bid/102380
- http://www.securitytracker.com/id/1040152
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786