Credentials Management Errors
CVE-2019-11272
Summary
Spring Security versions through 4.2.12 support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
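The following added example (not Spring Security's code and not part of the original advisory) shows how a plain-text comparison can accept "null" for an account with no stored password, next to a null-safe form that rejects it. The page does not show the affected code, so the string coercion in matchesCoercing is an assumed mechanism; the class name, method names and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class NullPasswordDemo {

    // Assumed mechanism, for illustration only: the stored value is coerced
    // to a String before comparison, so a null stored password becomes "null".
    static boolean matchesCoercing(String storedPassword, String presented) {
        if (presented == null) {
            return false;
        }
        String stored = storedPassword + "";   // null -> "null"
        return bytesEqual(stored, presented);
    }

    // Hardened form: an account with no stored password never authenticates.
    static boolean matchesNullSafe(String storedPassword, String presented) {
        if (storedPassword == null || presented == null) {
            return false;
        }
        return bytesEqual(storedPassword, presented);
    }

    // Byte-wise comparison of two non-null strings via MessageDigest.isEqual.
    static boolean bytesEqual(String a, String b) {
        return MessageDigest.isEqual(
                a.getBytes(StandardCharsets.UTF_8),
                b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample: an account row whose password column is NULL.
        String storedPassword = null;
        String[] presentedValues = {"null", "", "hunter2"};
        for (String presented : presentedValues) {
            System.out.printf("presented=%-10s coercing=%-5b nullSafe=%b%n",
                    "\"" + presented + "\"",
                    matchesCoercing(storedPassword, presented),
                    matchesNullSafe(storedPassword, presented));
        }
        // A normal account still authenticates with the hardened check.
        System.out.println(matchesNullSafe("hunter2", "hunter2"));
    }
}
```

Only the coercing comparison returns true for the presented value "null"; the null-safe comparison rejects every attempt against the account with no stored password.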
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
CWE-255 - Credentials Management Errors
Weaknesses in this category are related to the management of credentials.
Advisory Timeline
- Published