CVE-2012-5055
Security: Ability to determine if username is valid via DaoAuthenticationProvider
Severity Score: 5.0 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
Credits: N/A
Timeline
- 2012-09-21 CVE Reserved
- 2012-12-05 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (3)
URL | Date | SRC |
---|---|---|
http://support.springsource.com/security/CVE-2012-5055 | 2012-12-28 | |
https://access.redhat.com/security/cve/CVE-2012-5055 | 2013-03-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=886031 | 2013-03-14 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Vmware | Springsource Spring Security | <= 2.0.6 | - | Affected |
Vmware | Springsource Spring Security | 2.0.0 | - | Affected |
Vmware | Springsource Spring Security | 2.0.1 | - | Affected |
Vmware | Springsource Spring Security | 2.0.2 | - | Affected |
Vmware | Springsource Spring Security | 2.0.3 | - | Affected |
Vmware | Springsource Spring Security | 2.0.4 | - | Affected |
Vmware | Springsource Spring Security | 2.0.5 | - | Affected |
Vmware | Springsource Spring Security | 3.0.0 | - | Affected |
Vmware | Springsource Spring Security | 3.0.1 | - | Affected |
Vmware | Springsource Spring Security | 3.0.2 | - | Affected |
Vmware | Springsource Spring Security | 3.0.3 | - | Affected |
Vmware | Springsource Spring Security | 3.0.4 | - | Affected |
Vmware | Springsource Spring Security | 3.0.5 | - | Affected |
Vmware | Springsource Spring Security | 3.1.1 | - | Affected |
Vmware | Springsource Spring Security | 3.1.2 | - | Affected |