Improperly Implemented Security Check for Standard

CVE-2020-1045

High

7.5/10

Summary

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-358 - Improperly Implemented Security Check for Standard

The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

References

Advisory Timeline

Published Sep 11, 2020

Improperly Implemented Security Check for Standard

CVE-2020-1045

Summary

CWE-358 - Improperly Implemented Security Check for Standard

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS