CVE-2014-0097

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:spring_security:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.1:*:*:*:*:*:*:*

History

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

08 Jun 2021, 18:22

Type Values Removed Values Added
CPE cpe:2.3:a:pivotal_software:spring_security:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_security:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.1.1:*:*:*:*:*:*:*

Information

Published : 2017-05-25 17:29

Updated : 2024-02-04 19:29


NVD link : CVE-2014-0097

Mitre link : CVE-2014-0097

CVE.ORG link : CVE-2014-0097


JSON object : View

Products Affected

vmware

  • spring_security
CWE
CWE-287

Improper Authentication