Lucene search
PivotalCVELIST:CVE-2019-11272HistoryJun 20, 2019 - 12:00 a.m.
CVE-2019-11272 PlaintextPasswordEncoder authenticates encoded passwords that are null
2019-06-2000:00:00
CWE-287
pivotal
www.cve.org
6
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of “null”.
CNA Affected
[
{
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.2.13.RELEASE",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
]Related
openvas
openvas
Debian: Security Advisory (DLA-1848-1)
2019-07-10 00:00:00
github
github
osv
osv
CVE-2019-11272
2019-06-26 14:15:09
libspring-security-2.0-java - security update
2019-07-08 00:00:00
prion
prion
Design/Logic Flaw
2019-06-26 14:15:00
veracode
veracode
Authentication Bypass Via Null Authentication
2019-06-27 09:28:20
nvd
nvd
CVE-2019-11272
2019-06-26 14:15:09
cve
cve
CVE-2019-11272
2019-06-26 14:15:09
ubuntucve
ubuntucve
CVE-2019-11272
2019-06-26 00:00:00
debian
debian
[SECURITY] [DLA 1848-1] libspring-security-2.0-java security update
2019-07-09 06:25:18
redhatcve
redhatcve
CVE-2019-11272
2019-10-11 18:16:25
nessus
nessus
Debian DLA-1848-1 : libspring-security-2.0-java security update
2019-07-11 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update
2020-03-26 15:40:22