Skip to content

CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE #16

New issue
New issue
Open
Open
CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE#16
Labels
CheckmarxCxSCAbranch:main
@boonesb

Description

@boonesb
boonesb
opened on Feb 22, 2022

Vulnerable Package issue exists @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE in branch main

Spring Security, versions through 4.2.12 support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".

Namespace: boonesb
Repository: https-github.com-James-AST-astlab2
Repository Url: https://github.com/boonesb/https-github.com-James-AST-astlab2
CxAST-Project: boonesb/https-github.com-James-AST-astlab2
CxAST platform scan: 556cf969-1053-4bd5-b25a-4b833de171bc
Branch: main
Application: https-github.com-James-AST-astlab2
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-255

Addition Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: LOW
Remediation Upgrade Recommendation: 4.2.16.RELEASE

References
Advisory
Commit
Issue

Metadata

Metadata

Assignees

No one assigned

    Labels

    CheckmarxCxSCAbranch:main

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions