Spring Security DaoAuthenticationProvider Username Enumeration Weakness

Spring Security is prone to a username-enumeration weakness because it responds differently to login attempts depending on whether or not the username exists.

Attackers may exploit this weakness to discern valid usernames, which may aid them in brute-force password cracking or other attacks.
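The following added example (not Spring Security's code and not from the original advisory) contrasts a login check that answers differently for unknown usernames with one that answers uniformly. The advisory does not say how the responses differ, so the example assumes the two common forms, a distinct failure message and skipped password hashing; the class name, user store, salt and messages are all constructed for illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;

public class UniformLogin {
    // Constructed sample data. A single shared salt keeps the example short;
    // a real store keeps one random salt per user.
    static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);
    static final Map<String, byte[]> USERS = Map.of("alice", hash("correct horse"));
    // Compared against when the username is unknown, so a hash is still computed.
    static final byte[] DUMMY = hash("placeholder-never-matches");

    static byte[] hash(String password) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Weak form: unknown usernames get their own message and skip the hashing step.
    static String loginWeak(String user, String password) {
        byte[] stored = USERS.get(user);
        if (stored == null) return "Unknown user";
        return MessageDigest.isEqual(stored, hash(password)) ? "OK" : "Bad password";
    }

    // Uniform form: one failure message, and the same hashing work on every path.
    static String loginUniform(String user, String password) {
        byte[] stored = USERS.get(user);
        boolean known = stored != null;
        boolean match = MessageDigest.isEqual(known ? stored : DUMMY, hash(password));
        return (known && match) ? "OK" : "Bad credentials";
    }

    public static void main(String[] args) {
        // Same wrong password, one existing and one non-existing username.
        for (String name : new String[] {"alice", "mallory"}) {
            System.out.printf("%-8s weak=%-13s uniform=%s%n", name,
                    loginWeak(name, "wrong"), loginUniform(name, "wrong"));
        }
    }
}
```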


 

Copyright 2010, SecurityFocus