Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: pivotal
Published: 2019-06-26T14:06:15.312137Z
Updated: 2024-09-16T19:25:59.208Z
Reserved: 2019-04-18T00:00:00
Link: CVE-2019-11272
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-06-26T14:15:09.980
Modified: 2024-11-21T04:20:49.703
Link: CVE-2019-11272
Redhat