CVE-2018-0787: Weak Password Recovery Mechanism for Forgotten Password

March 14, 2018 (updated April 11, 2018)

ASP.NET Core allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka “ASP.NET Core Elevation Of Privilege Vulnerability”.

References

www.securityfocus.com/bid/103282
www.securitytracker.com/id/1040525
github.com/aspnet/Announcements/issues/295
nvd.nist.gov/vuln/detail/CVE-2018-0787
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787

Detect and mitigate CVE-2018-0787 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →