CVE-2020-5408 – Dictionary attack with Spring Security queryable text encryptor
https://notcve.org/view.php?id=CVE-2020-5408
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. Spring Security versiones 5.3.x anteriores a 5.3.2, versiones 5.2.x anteriores a 5.2.4, versiones 5.1.x anteriores a 5.1.10, versiones 5.0.x anteriores a 5.0.16 y versiones 4.2.x anteriores a 4.2.16, utilizan un vector de inicialización de null corregido con el Modo CBC en la implementación del encriptador de texto consultable. Un usuario malicioso con acceso a los datos que han sido encriptados, al usar dicho encriptador pueden ser capaces de obtener los valores no encriptados mediante un ataque de diccionario. • https://tanzu.vmware.com/security/cve-2020-5408 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-329: Generation of Predictable IV with CBC Mode CWE-330: Use of Insufficiently Random Values •
CVE-2019-11272 – PlaintextPasswordEncoder authenticates encoded passwords that are null
https://notcve.org/view.php?id=CVE-2019-11272
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". Spring Security, versiones 4.2.x hasta 4.2.12, y versiones anteriores no compatibles admiten contraseñas de texto sin formato mediante PlaintextPasswordEncoder. Si una aplicación que usa una versión afectada de Spring Security está aprovechando PlaintextPasswordEncoder y un usuario tiene una contraseña codificada nula, un usuario malicioso (o atacante) puede identificarse usando una contraseña de "null". A flaw was found in Spring Security in several versions, in the use of plain text passwords using the PlaintextPasswordEncoder. • https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html https://pivotal.io/security/cve-2019-11272 https://access.redhat.com/security/cve/CVE-2019-11272 https://bugzilla.redhat.com/show_bug.cgi?id=1728993 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness CWE-522: Insufficiently Protected Credentials •
CVE-2019-3795 – Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
https://notcve.org/view.php?id=CVE-2019-3795
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. Las versiones 4.2.x de Spring Security anteriores a 4.2.12, 5.0.x anteriores a 5.0.12 y 5.1.x anteriores a 5.1.5 contienen una vulnerabilidad de aleatoriedad insegura cuando se utiliza SecureRandomFactoryBean#setSeed para configurar una petición de SecureRandom. Para ser impactado, una aplicación honesta debe proporcionar una semilla y poner el material aleatorio resultante a disposición de un atacante para su inspección. • http://www.securityfocus.com/bid/107802 https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html https://pivotal.io/security/cve-2019-3795 • CWE-330: Use of Insufficiently Random Values •
CVE-2018-1258 – spring-security-core: Unauthorized Access with Spring Security Method Security
https://notcve.org/view.php?id=CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. La versión 5.0.5 de Spring Framework, cuando se utiliza en combinación con cualquier versión de Spring Security, contiene un omisión de autorización cuando se utiliza la seguridad del método. Un usuario malicioso no autorizado puede obtener acceso no autorizado a métodos que deben ser restringidos. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104222 http://www.securitytracker.com/id/1041888 http://www.securitytracker.com/id/1041896 https://access.redhat.com/errata/RHSA-2019:2413 https://pivotal.io/security/cve-2018-1258 https://security.netapp.com/advisory/ntap-20181018-0002 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle& • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVE-2018-1199 – spring-framework: Improper URL path validation allows for bypassing of security checks on static resources
https://notcve.org/view.php?id=CVE-2018-1199
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. • https://access.redhat.com/errata/RHSA-2018:2405 https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E https://pivotal.io/security/cve-2018-1199 https://www.oracle.com/security-alerts/cpujul2020.html https://access.redhat.com& • CWE-20: Improper Input Validation •