Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-5055
Last Modified: 28 Dec 2012 12:00:00
Published: 05 Dec 2012 12:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5055

Summary

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.

Vulnerable Systems

Application

  • VMware SpringSource Spring Security 2.0.0
  • VMware SpringSource Spring Security 2.0.1
  • VMware SpringSource Spring Security 2.0.2
  • VMware SpringSource Spring Security 2.0.3
  • VMware SpringSource Spring Security 2.0.4
  • VMware SpringSource Spring Security 2.0.5
  • VMware SpringSource Spring Security 2.0.6
  • VMware SpringSource Spring Security 3.0.0
  • VMware SpringSource Spring Security 3.0.1
  • VMware SpringSource Spring Security 3.0.2
  • VMware SpringSource Spring Security 3.0.3
  • VMware SpringSource Spring Security 3.0.4
  • VMware SpringSource Spring Security 3.0.5
  • VMware SpringSource Spring Security 3.1.1
  • VMware SpringSource Spring Security 3.1.2


References

CONFIRM - http://support.springsource.com/security/CVE-2012-5055


Last Updated: 27 May 2016 11:01:27