CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE

**Vulnerable Package** issue exists @ **Maven\-org\.springframework\.security:spring\-security\-core\-3\.2\.4\.RELEASE** in branch **main**

Spring Security, versions through 4.2.12 support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".

**Namespace:** hirendgithub
**Repository:** astlab2
**Repository Url:** https://github.com/hirendgithub/astlab2
**CxAST\-Project:** hirendgithub/astlab2
**CxAST platform scan:** [f38f5609\-2c5d\-484e\-ace6\-e6d02cf55a60](https://ast.checkmarx.net/projects/f5775c6e-3991-4ea8-a0e2-cd8ca557f881/scans?id=f38f5609-2c5d-484e-ace6-e6d02cf55a60&branch=main)
**Branch:** main
**Application:** astlab2
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-255


----
**Addition Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** LOW
**Availability impact:** LOW
**Remediation Upgrade Recommendation:** 4.2.16.RELEASE


----
**References**
[Advisory](https://pivotal.io/security/cve-2019-11272)
[Commit](https://github.com/spring-projects/spring-security/commit/b2d4fec3617c497c5a8eb9c7e5270e0c7db293ee#diff-1077c52b04fb584eef7773921b93dd34)
[Issue](https://github.com/spring-projects/spring-security/issues/7023)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE #18

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE #18

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions