CVE-2020-5408 - OpenCVE

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pivotal Software	Spring Security
Vmware	Spring Security

Configuration 1 [-]

OR	cpe:2.3:a:pivotal_software:spring_security::::::::
	cpe:2.3:a:pivotal_software:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::

No data.

References

Link	Providers
https://tanzu.vmware.com/security/cve-2020-5408
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: pivotal

Published: 2020-05-14T17:15:13.256026Z

Updated: 2024-09-17T01:01:47.960Z

Reserved: 2020-01-03T00:00:00

Link: CVE-2020-5408

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-05-14T18:15:12.250

Modified: 2021-06-14T18:15:32.440

Link: CVE-2020-5408

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Spring Security", "vendor": "Spring by VMware", "versions": [{"lessThan": "4.2.16", "status": "affected", "version": "4.2", "versionType": "custom"}, {"lessThan": "5.0.16", "status": "affected", "version": "5.0", "versionType": "custom"}, {"lessThan": "5.1.10", "status": "affected", "version": "5.1", "versionType": "custom"}, {"lessThan": "5.2.4", "status": "affected", "version": "5.2", "versionType": "custom"}, {"lessThan": "5.3.2", "status": "affected", "version": "5.3", "versionType": "custom"}]}], "datePublic": "2020-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-329", "description": "CWE-329: Not Using a Random IV with CBC Mode", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-14T17:20:23", "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "shortName": "pivotal"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tanzu.vmware.com/security/cve-2020-5408"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Dictionary attack with Spring Security queryable text encryptor", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@pivotal.io", "DATE_PUBLIC": "2020-05-13T00:00:00.000Z", "ID": "CVE-2020-5408", "STATE": "PUBLIC", "TITLE": "Dictionary attack with Spring Security queryable text encryptor"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spring Security", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "4.2", "version_value": "4.2.16"}, {"affected": "<", "version_affected": "<", "version_name": "5.0", "version_value": "5.0.16"}, {"affected": "<", "version_affected": "<", "version_name": "5.1", "version_value": "5.1.10"}, {"affected": "<", "version_affected": "<", "version_name": "5.2", "version_value": "5.2.4"}, {"affected": "<", "version_affected": "<", "version_name": "5.3", "version_value": "5.3.2"}]}}]}, "vendor_name": "Spring by VMware"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack."}]}, "impact": null, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-329: Not Using a Random IV with CBC Mode"}]}]}, "references": {"reference_data": [{"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://tanzu.vmware.com/security/cve-2020-5408", "refsource": "CONFIRM", "url": "https://tanzu.vmware.com/security/cve-2020-5408"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:30:23.986Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tanzu.vmware.com/security/cve-2020-5408"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}]}]}, "cveMetadata": {"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "assignerShortName": "pivotal", "cveId": "CVE-2020-5408", "datePublished": "2020-05-14T17:15:13.256026Z", "dateReserved": "2020-01-03T00:00:00", "dateUpdated": "2024-09-17T01:01:47.960Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "79167645-DB8D-4B2E-8F41-19BF2B292516", "versionEndExcluding": "5.2.4", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC9C28BC-B248-4CDB-9BA9-C784D74E32A5", "versionEndExcluding": "5.3.2", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EE7A948-18BC-4F0F-B30C-F4823BCB3D17", "versionEndExcluding": "4.2.16", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D20A6A01-B3C6-4B9D-B1E2-7EC2CF1DD7B8", "versionEndExcluding": "5.0.16", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "B28A37AA-FE75-42B2-9C0F-9CE60933F4B4", "versionEndExcluding": "5.1.10", "versionStartIncluding": "5.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack."}, {"lang": "es", "value": "Spring Security versiones 5.3.x anteriores a 5.3.2, versiones 5.2.x anteriores a 5.2.4, versiones 5.1.x anteriores a 5.1.10, versiones 5.0.x anteriores a 5.0.16 y versiones 4.2.x anteriores a 4.2.16, utilizan un vector de inicializaci\u00f3n de null corregido con el Modo CBC en la implementaci\u00f3n del encriptador de texto consultable. Un usuario malicioso con acceso a los datos que han sido encriptados, al usar dicho encriptador pueden ser capaces de obtener los valores no encriptados mediante un ataque de diccionario."}], "id": "CVE-2020-5408", "lastModified": "2021-06-14T18:15:32.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-14T18:15:12.250", "references": [{"source": "security@pivotal.io", "tags": ["Vendor Advisory"], "url": "https://tanzu.vmware.com/security/cve-2020-5408"}, {"source": "security@pivotal.io", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "security@pivotal.io", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "security@pivotal.io", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "security@pivotal.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-329"}], "source": "security@pivotal.io", "type": "Secondary"}]}