CVE-2012-5055
Published Dec 5, 2012
Last updated 12 years ago
Overview
- Description: DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
- Source: cve@mitre.org
- NVD status: Analyzed
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 5
- Impact score: 2.9
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov: CWE-200