CVE-2020-5408 - OpenCVE

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Spring Security
Pivotal Software	Spring Security

Configuration 1 [-]

OR	cpe:2.3:a:pivotal_software:spring_security::::::::
	cpe:2.3:a:pivotal_software:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::

References

Link	Resource
https://tanzu.vmware.com/security/cve-2020-5408	Vendor Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: pivotal

Published: 2020-05-13T00:00:00

Updated: 2021-06-14T17:20:23

Reserved: 2020-01-03T00:00:00

Link: CVE-2020-5408

JSON object: View

NVD Information

Status : Modified

Published: 2020-05-14T18:15:12.250

Modified: 2021-06-14T18:15:32.440

Link: CVE-2020-5408

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Spring Security", "vendor": "Spring by VMware", "versions": [{"lessThan": "4.2.16", "status": "affected", "version": "4.2", "versionType": "custom"}, {"lessThan": "5.0.16", "status": "affected", "version": "5.0", "versionType": "custom"}, {"lessThan": "5.1.10", "status": "affected", "version": "5.1", "versionType": "custom"}, {"lessThan": "5.2.4", "status": "affected", "version": "5.2", "versionType": "custom"}, {"lessThan": "5.3.2", "status": "affected", "version": "5.3", "versionType": "custom"}]}], "datePublic": "2020-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-329", "description": "CWE-329: Not Using a Random IV with CBC Mode", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-14T17:20:23", "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "shortName": "pivotal"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tanzu.vmware.com/security/cve-2020-5408"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Dictionary attack with Spring Security queryable text encryptor", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@pivotal.io", "DATE_PUBLIC": "2020-05-13T00:00:00.000Z", "ID": "CVE-2020-5408", "STATE": "PUBLIC", "TITLE": "Dictionary attack with Spring Security queryable text encryptor"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spring Security", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "4.2", "version_value": "4.2.16"}, {"affected": "<", "version_affected": "<", "version_name": "5.0", "version_value": "5.0.16"}, {"affected": "<", "version_affected": "<", "version_name": "5.1", "version_value": "5.1.10"}, {"affected": "<", "version_affected": "<", "version_name": "5.2", "version_value": "5.2.4"}, {"affected": "<", "version_affected": "<", "version_name": "5.3", "version_value": "5.3.2"}]}}]}, "vendor_name": "Spring by VMware"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack."}]}, "impact": null, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-329: Not Using a Random IV with CBC Mode"}]}]}, "references": {"reference_data": [{"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://tanzu.vmware.com/security/cve-2020-5408", "refsource": "CONFIRM", "url": "https://tanzu.vmware.com/security/cve-2020-5408"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "assignerShortName": "pivotal", "cveId": "CVE-2020-5408", "datePublished": "2020-05-13T00:00:00", "dateReserved": "2020-01-03T00:00:00", "dateUpdated": "2021-06-14T17:20:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "79167645-DB8D-4B2E-8F41-19BF2B292516", "versionEndExcluding": "5.2.4", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC9C28BC-B248-4CDB-9BA9-C784D74E32A5", "versionEndExcluding": "5.3.2", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EE7A948-18BC-4F0F-B30C-F4823BCB3D17", "versionEndExcluding": "4.2.16", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D20A6A01-B3C6-4B9D-B1E2-7EC2CF1DD7B8", "versionEndExcluding": "5.0.16", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "B28A37AA-FE75-42B2-9C0F-9CE60933F4B4", "versionEndExcluding": "5.1.10", "versionStartIncluding": "5.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack."}, {"lang": "es", "value": "Spring Security versiones 5.3.x anteriores a 5.3.2, versiones 5.2.x anteriores a 5.2.4, versiones 5.1.x anteriores a 5.1.10, versiones 5.0.x anteriores a 5.0.16 y versiones 4.2.x anteriores a 4.2.16, utilizan un vector de inicializaci\u00f3n de null corregido con el Modo CBC en la implementaci\u00f3n del encriptador de texto consultable. Un usuario malicioso con acceso a los datos que han sido encriptados, al usar dicho encriptador pueden ser capaces de obtener los valores no encriptados mediante un ataque de diccionario."}], "id": "CVE-2020-5408", "lastModified": "2021-06-14T18:15:32.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-14T18:15:12.250", "references": [{"source": "security@pivotal.io", "tags": ["Vendor Advisory"], "url": "https://tanzu.vmware.com/security/cve-2020-5408"}, {"source": "security@pivotal.io", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "security@pivotal.io", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "security@pivotal.io", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "security@pivotal.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-329"}], "source": "security@pivotal.io", "type": "Secondary"}]}