Microsoft ASP.NET Core and Visual Studio Privilege Escalation Vulnerability

Vulnerability

A vulnerability allowing unauthorized privilege escalation has been identified in ASP.NET Core and Visual Studio. This issue arises from weak authentication, which can be exploited over a network. The vulnerability is present in ASP.NET Core versions 6.0.0 prior to 6.0.36, 8.0.0 prior to 8.0.13, and 9.0.0 prior to 9.0.2. Additionally, it affects Microsoft Visual Studio 2022 versions 17.8, 17.10, 17.12, and 17.13.

Impact

Exploitation of this vulnerability could allow an attacker to hijack an authenticated session and assume the identity of another user, gaining the privileges of the compromised user.

Reproduction

To reproduce this vulnerability, set up an ASP.NET Core Identity project and create two user accounts. Authenticate as User A, then call the SignInManager's RefreshSignInAsync method with User B's user object as the parameter. The affected versions do not verify that the supplied user matches the currently authenticated principal, so the session is refreshed to User B, exploiting the authentication weakness.
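As an added defensive example (not code from the advisory or from ASP.NET Core itself), the hypothetical controller below shows the guard an application can apply on an unpatched build: before calling RefreshSignInAsync, confirm that the user object being refreshed is the same user already authenticated in the request. The controller, action name and userId parameter are assumptions for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller: refreshes the sign-in cookie after a profile
// change, taking a user id from the request (the risky pattern).
[Authorize]
public class ProfileController : Controller
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly SignInManager<IdentityUser> _signInManager;

    public ProfileController(UserManager<IdentityUser> userManager,
                             SignInManager<IdentityUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    [HttpPost]
    public async Task<IActionResult> RefreshSession(string userId)
    {
        var user = await _userManager.FindByIdAsync(userId);
        if (user == null)
            return NotFound();

        // Mitigation: compare the id stored in the authenticated principal
        // with the id of the user object about to be refreshed. On the
        // vulnerable Identity versions RefreshSignInAsync does not enforce
        // this itself, so a mismatch would reissue the cookie as the other user.
        var currentUserId = _userManager.GetUserId(User);
        var targetUserId = await _userManager.GetUserIdAsync(user);
        if (currentUserId == null ||
            !string.Equals(currentUserId, targetUserId, StringComparison.Ordinal))
        {
            // Worth logging: a request tried to refresh a session for a
            // different user than the one authenticated.
            return Forbid();
        }

        await _signInManager.RefreshSignInAsync(user);
        return Ok();
    }
}
```

Upgrading to the fixed versions listed under Remediation remains the actual fix; this guard only limits exposure from application code that passes a caller-supplied user into RefreshSignInAsync.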

Remediation

Users should upgrade to ASP.NET Core Runtime versions 8.0.14 or 9.0.3, or to Microsoft.AspNetCore.Identity version 2.3.1. Visual Studio users can download the security update from the Visual Studio 2022 download page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 1.3
exploitability: 9.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.