Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation
Vulnerability Description
The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
Spring Security 安全漏洞
Vulnerability Description
Spring Security是Spring开源的一款具有认证和授权功能的安全框架。 Spring Security存在安全漏洞,该漏洞源于DaoAuthenticationProvider中的时序攻击缓解措施被破坏,可能导致攻击者通过响应时间差异推断有效用户名或其他身份验证行为。
CVSS Information
N/A
Vulnerability Type
N/A