Lucene search
GitHub Advisory DatabaseGHSA-3533-RVPC-6X56HistoryMay 17, 2022 - 5:17 a.m.
Exposure of Sensitive Information to an Unauthorized Actor in Spring Security
2022-05-1705:17:30
CWE-200
GitHub Advisory Database
github.com
19
sensitive information exposure
unauthorized access
daoauthenticationprovider
vmware
remote attack
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.003
Percentile
68.3%
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
Affected configurations
Node
org.springframework.securityspring-security-coreRange3.1.0–3.1.3
ORorg.springframework.securityspring-security-coreRange3.0.0–3.0.8
ORorg.springframework.securityspring-security-coreRange<2.0.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.springframework.security | spring-security-core | * | cpe:2.3:a:org.springframework.security:spring-security-core:*:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2012-5055
2012-12-05 00:00:00
prion
prion
Default credentials
2012-12-05 17:55:00
nvd
nvd
CVE-2012-5055
2012-12-05 17:55:01
cve
cve
CVE-2012-5055
2012-12-05 17:55:01
osv
osv
cvelist
cvelist
CVE-2012-5055
2012-12-05 17:00:00
redhat
redhat
(RHSA-2013:0649) Important: Fuse ESB Enterprise 7.1.0 update
2013-03-14 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
2020-02-20 12:42:12
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.003
Percentile
68.3%
Related for GHSA-3533-RVPC-6X56