CVE-2012-5055

2012-12-0517:55:01

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

68.3%

JSON

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.

Affected configurations

Nvd

Node

vmwarespringsource_spring_securityRange≤2.0.6

vmwarespringsource_spring_securityMatch2.0.0

vmwarespringsource_spring_securityMatch2.0.1

vmwarespringsource_spring_securityMatch2.0.2

vmwarespringsource_spring_securityMatch2.0.3

vmwarespringsource_spring_securityMatch2.0.4

vmwarespringsource_spring_securityMatch2.0.5

Node

vmwarespringsource_spring_securityMatch3.0.0

vmwarespringsource_spring_securityMatch3.0.1

vmwarespringsource_spring_securityMatch3.0.2

vmwarespringsource_spring_securityMatch3.0.3

vmwarespringsource_spring_securityMatch3.0.4

vmwarespringsource_spring_securityMatch3.0.5

Node

vmwarespringsource_spring_securityMatch3.1.1

vmwarespringsource_spring_securityMatch3.1.2

VendorProductVersionCPE
vmwarespringsource_spring_security*cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.0cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.1cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.2cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.3cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.4cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
vmwarespringsource_spring_security2.0.5cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
vmwarespringsource_spring_security3.0.0cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
vmwarespringsource_spring_security3.0.1cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
vmwarespringsource_spring_security3.0.2cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	springsource_spring_security	*	cpe:2.3:a:vmware:springsource_spring_security::::::::
vmware	springsource_spring_security	2.0.0	cpe:2.3:a:vmware:springsource_spring_security:2.0.0:::::::*
vmware	springsource_spring_security	2.0.1	cpe:2.3:a:vmware:springsource_spring_security:2.0.1:::::::*
vmware	springsource_spring_security	2.0.2	cpe:2.3:a:vmware:springsource_spring_security:2.0.2:::::::*
vmware	springsource_spring_security	2.0.3	cpe:2.3:a:vmware:springsource_spring_security:2.0.3:::::::*
vmware	springsource_spring_security	2.0.4	cpe:2.3:a:vmware:springsource_spring_security:2.0.4:::::::*
vmware	springsource_spring_security	2.0.5	cpe:2.3:a:vmware:springsource_spring_security:2.0.5:::::::*
vmware	springsource_spring_security	3.0.0	cpe:2.3:a:vmware:springsource_spring_security:3.0.0:::::::*
vmware	springsource_spring_security	3.0.1	cpe:2.3:a:vmware:springsource_spring_security:3.0.1:::::::*
vmware	springsource_spring_security	3.0.2	cpe:2.3:a:vmware:springsource_spring_security:3.0.2:::::::*