CVE-2020-1045 – This vulnerability allows attackers to bypass A... (How to Fix)

Q: What is the severity of CVE-2020-1045?

CVE-2020-1045 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to bypass ASP.NET Core's cookie security by setting a second cookie with a percent-encoded name. The parser incorrectly decodes entire cookie strings, enabling cookie spoofing. Affects applications using Microsoft ASP.NET Core with vulnerable versions.

📋 TL;DR

This vulnerability allows attackers to bypass ASP.NET Core's cookie security by setting a second cookie with a percent-encoded name. The parser incorrectly decodes entire cookie strings, enabling cookie spoofing. Affects applications using Microsoft ASP.NET Core with vulnerable versions.

💻 Affected Systems

Products:

Microsoft ASP.NET Core

Versions: ASP.NET Core 2.1 through 3.1 (before 3.1.8)

Operating Systems: Windows, Linux, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All ASP.NET Core applications using cookie authentication are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Authentication bypass leading to unauthorized access to user accounts or administrative functions.

🟠

Likely Case

Session hijacking or privilege escalation through cookie manipulation.

🟢

If Mitigated

Minimal impact if proper input validation and cookie handling are implemented.

🌐 Internet-Facing: HIGH - Web applications directly exposed to internet traffic are primary targets.

🏢 Internal Only: MEDIUM - Internal applications could be exploited by authenticated users or through other attack vectors.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending specially crafted HTTP requests with encoded cookie names.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ASP.NET Core 3.1.8 or later

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045

Restart Required: Yes

Instructions:

1. Update ASP.NET Core runtime to version 3.1.8 or later. 2. Update all ASP.NET Core applications to target the patched runtime. 3. Restart application services.

🔧 Temporary Workarounds

Custom Cookie Parser

all

Implement custom cookie parsing logic that validates and sanitizes cookie names before processing.

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block requests with percent-encoded cookie names.
Monitor and alert on unusual cookie patterns in application logs.

🔍 How to Verify

Check if Vulnerable:

Check ASP.NET Core runtime version using 'dotnet --info' command.

Check Version:

dotnet --info | findstr "Version"

Verify Fix Applied:

Verify runtime version is 3.1.8 or later and test cookie handling with encoded names.

📡 Detection & Monitoring

Log Indicators:

HTTP requests containing percent-encoded cookie names
Multiple cookies with similar names

Network Indicators:

Unusual cookie patterns in HTTP headers
Requests attempting cookie manipulation

SIEM Query:

source="web_logs" AND (cookie_name="%25" OR cookie_name CONTAINS "%")

📊 Metadata

CVE ID: CVE-2020-1045

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Published: September 11, 2020

Last Updated: February 23, 2026

🔗 References

https://access.redhat.com/errata/RHSA-2020:3699 Third Party Advisory
https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318 Release Notes,Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045 Patch,Vendor Advisory
https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:3699 Third Party Advisory
https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318 Release Notes,Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045 Patch,Vendor Advisory
https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Asp.net Core by Microsoft

Asp.net Core by Microsoft

Enterprise Linux by Redhat

Enterprise Linux Aus by Redhat

Enterprise Linux Aus by Redhat

Enterprise Linux Aus by Redhat

Enterprise Linux Eus by Redhat

Enterprise Linux Eus by Redhat

Enterprise Linux Eus by Redhat

Enterprise Linux Tus by Redhat

Enterprise Linux Tus by Redhat

Enterprise Linux Tus by Redhat

Fedora by Fedoraproject

Fedora by Fedoraproject

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Custom Cookie Parser

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export