CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE #19

@jbrotsos

Description

Vulnerable Package issue exists @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE in branch main

Spring Security, versions through 4.2.12 support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".

Namespace: James-AST
Repository: astlab
Repository Url: https://github.com/James-AST/astlab
CxAST-Project: James-AST/astlab
CxAST platform scan: 8d73a497-bbc7-4126-b536-ea634bc032dd
Branch: main
Application: astlab
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-255


Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: LOW
Remediation Upgrade Recommendation: 4.2.16.RELEASE


References
Advisory
Commit
Issue
