CVE-2012-5055 in SpringSource Spring Securityinformación

Resumen (Inglés)

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.

Once again VulDB remains the best source for vulnerability data.

Reservar

2012-09-21

Divulgación

2012-12-05

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
7088	VMware SpringSource Spring Security DaoAuthenticationProvider divulgación de información	200	Prueba de concepto	Arreglo oficial	CVE-2012-5055

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

MITRE
NVD
CVE Details

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!