CVE-2019-11272: Improper Authentication

June 26, 2019 (updated June 27, 2019)

Spring Security support plain text passwords using PlaintextPasswordEncoder. a malicious user (or attacker) can authenticate using a password of null.

References

nvd.nist.gov/vuln/detail/CVE-2019-11272
pivotal.io/security/cve-2019-11272

Code Behaviors & Features

Detect and mitigate CVE-2019-11272 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →