spring-security-core: mishandling of user passwords allows logging in with a password of NULL

A flaw was found in Spring Security in several versions, in the use of plain text passwords using the PlaintextPasswordEncoder. If an application is using an affected version of Spring Security with the PlaintextPasswordEncoder and a user has a null encoded password, an attacker can use this flaw...

The vulnerability of the PlaintextPasswordEncoder class implementation in the Java framework for securing Spring Security industrial applications allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the PlaintextPasswordEncoder class implementation in the Spring Security Java framework, which is designed for securing industrial applications, is related to deficiencies in managing registration data. Exploiting this vulnerability could allow an attacker, operating remotely...