Description
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
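The pattern described above and one way to remove the timing difference, as an added example that is not Spring Security's code or the vendor's patch. The class and method names, the in-memory user map, the sample credentials and the use of JDK PBKDF2 in place of a Spring `PasswordEncoder` are all assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class UserNotFoundTiming {
    static final Map<String, byte[][]> USERS = new HashMap<>();           // name -> {salt, hash}
    static final byte[][] DUMMY = newRecord("placeholder-never-matches"); // hypothetical dummy credential
    static byte[] hash(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
    static byte[][] newRecord(String password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new byte[][] { salt, hash(password, salt) };
    }
    // Pattern from the description: an unknown user returns before any password work is done.
    static boolean authenticateLeaky(String user, String password) {
        byte[][] rec = USERS.get(user);
        if (rec == null) return false; // short response delay reveals "no such user"
        return MessageDigest.isEqual(rec[1], hash(password, rec[0]));
    }

    // Hardened form: every request costs one hash and one constant-time comparison.
    static boolean authenticateUniform(String user, String password) {
        byte[][] rec = USERS.get(user);
        byte[][] use = (rec != null) ? rec : DUMMY; // unknown user: check against the dummy record
        boolean match = MessageDigest.isEqual(use[1], hash(password, use[0]));
        return (rec != null) & match;               // a dummy match can never authenticate
    }

    public static void main(String[] args) {
        USERS.put("alice", newRecord("constructed-sample-password")); // constructed sample data
        for (String name : new String[] { "alice", "nobody" }) {
            long t0 = System.nanoTime();
            authenticateLeaky(name, "wrong");
            long t1 = System.nanoTime();
            authenticateUniform(name, "wrong");
            long t2 = System.nanoTime();
            System.out.printf("%-7s leaky=%d us uniform=%d us%n", name, (t1 - t0) / 1000, (t2 - t1) / 1000);
        }
    }
}
```

The dummy record must be hashed with the same algorithm and work factor as real accounts, otherwise the two paths still differ in cost.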
Remediation
References
http://support.springsource.com/security/CVE-2012-5055
Related Vulnerabilities
CVE-2023-27987 Vulnerability in maven package org.apache.linkis:linkis-dist
CVE-2023-25763 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2012-0392 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2023-29212 Vulnerability in maven package org.xwiki.platform:xwiki-platform-panels-ui
CVE-2018-1000197 Vulnerability in maven package com.blackducksoftware.integration:blackduck-hub