CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE

**Vulnerable Package** issue exists @ **Maven\-org\.springframework\.security:spring\-security\-core\-3\.2\.4\.RELEASE** in branch **main**

Spring Security, versions through 4.2.12 support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".

**Namespace:** reubenmathias
**Repository:** astlab2
**Repository Url:** https://github.com/reubenmathias/astlab2
**CxAST\-Project:** reubenmathias/astlab2
**CxAST platform scan:** [81c93a36\-3728\-486a\-a8ff\-af774f17eaf7](https://eu.ast.checkmarx.net/projects/72538852-5bd9-4a77-a6c6-5d3b34ca2761/scans?id=81c93a36-3728-486a-a8ff-af774f17eaf7&branch=main)
**Branch:** main
**Application:** astlab2
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-255


----
**Addition Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** LOW
**Availability impact:** LOW


----
**References**
[Advisory](https://pivotal.io/security/cve-2019-11272)
[Commit](https://github.com/spring-projects/spring-security/commit/b2d4fec3617c497c5a8eb9c7e5270e0c7db293ee#diff-1077c52b04fb584eef7773921b93dd34)
[Issue](https://github.com/spring-projects/spring-security/issues/7023)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE #10

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE #10

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions