VDB

CVE-2012-5055

CVE-2012-5055 PUBLISHED CVSS 5 MEDIUM

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.

EPSS 0.36% · 58.4th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
0.36%
58.4th percentile

Affected Products

VendorProductVersions
vmwarespringsource_spring_security2.0.3, 3.0.4, 3.0.5
n/an/a*
Mavenorg.springframework.security:spring-security-core0, 3.0.0, 3.1.0

Exploit Intelligence

Timeline

  • Dec 5, 2012 CVE Published
  • Dec 28, 2012 CVE Updated
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›