Lucene search

MitreCVE-2012-5055

HistoryDec 05, 2012 - 5:55 p.m.

CVE-2012-5055

2012-12-0517:55:01

CWE-200

mitre

web.nvd.nist.gov

cve-2012-5055

vmware

springsource

spring security

authentication bypass

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.

Affected configurations

Nvd

Node

vmwarespringsource_spring_securityRange≤2.0.6

vmwarespringsource_spring_securityMatch2.0.0

vmwarespringsource_spring_securityMatch2.0.1

vmwarespringsource_spring_securityMatch2.0.2

vmwarespringsource_spring_securityMatch2.0.3

vmwarespringsource_spring_securityMatch2.0.4

vmwarespringsource_spring_securityMatch2.0.5

Node

vmwarespringsource_spring_securityMatch3.0.0

vmwarespringsource_spring_securityMatch3.0.1

vmwarespringsource_spring_securityMatch3.0.2

vmwarespringsource_spring_securityMatch3.0.3

vmwarespringsource_spring_securityMatch3.0.4

vmwarespringsource_spring_securityMatch3.0.5

Node

vmwarespringsource_spring_securityMatch3.1.1

vmwarespringsource_spring_securityMatch3.1.2

VendorProductVersionCPE
vmwarespringsource_spring_security*cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.0cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.1cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.2cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.3cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.4cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.5cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
vmwarespringsource_spring_security3.0.0cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
vmwarespringsource_spring_security3.0.1cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
vmwarespringsource_spring_security3.0.2cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	springsource_spring_security	*	cpe:2.3:a:vmware:springsource_spring_security::::::::
vmware	springsource_spring_security	2.0.0	cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*
vmware	springsource_spring_security	2.0.1	cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*
vmware	springsource_spring_security	2.0.2	cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*
vmware	springsource_spring_security	2.0.3	cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*
vmware	springsource_spring_security	2.0.4	cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*
vmware	springsource_spring_security	2.0.5	cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*
vmware	springsource_spring_security	3.0.0	cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*
vmware	springsource_spring_security	3.0.1	cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*
vmware	springsource_spring_security	3.0.2	cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*