Description
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
Remediation
References
http://support.springsource.com/security/CVE-2012-5055
Related Vulnerabilities
CVE-2022-26612 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2022-25204 Vulnerability in maven package by.dev.madhead.doktor:doktor
CVE-2022-36899 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations
CVE-2018-8006 Vulnerability in maven package org.apache.activemq:activemq-web-console