Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 8 | RedHat | dotnet9.0-0:9.0.104-1.el8_10 | * |
Red Hat Enterprise Linux 8 | RedHat | dotnet8.0-0:8.0.114-1.el8_10 | * |
Red Hat Enterprise Linux 9 | RedHat | dotnet9.0-0:9.0.104-1.el9_5 | * |
Red Hat Enterprise Linux 9 | RedHat | dotnet8.0-0:8.0.114-1.el9_5 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | dotnet8.0-0:8.0.114-1.el9_4 | * |
Dotnet7 | Ubuntu | jammy | * |
Dotnet8 | Ubuntu | devel | * |
Dotnet8 | Ubuntu | jammy | * |
Dotnet8 | Ubuntu | noble | * |
Dotnet8 | Ubuntu | oracular | * |
Dotnet9 | Ubuntu | devel | * |
Dotnet9 | Ubuntu | oracular | * |
Attackers may be able to bypass weak authentication faster and/or with less effort than expected.