Description
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.
Remediation
References
http://support.springsource.com/security/CVE-2012-5055
Related Vulnerabilities
CVE-2022-36912 Vulnerability in maven package org.jenkins-ci.plugins:openstack-heat
CVE-2020-9281 Vulnerability in npm package ckeditor4-dev
CVE-2022-31160 Vulnerability in maven package org.fujion.webjars:jquery-ui
CVE-2022-31167 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security