A security flaw was found in the way the DaoAuthenticationProvider of the Spring Security Framework performed user authentication. A remote attacker could use this flaw to determine whether a particular user name was valid by measuring the difference in response time between authentication attempts for existing and non-existing users.

References:
[1] http://support.springsource.com/security/cve-2012-5055
This issue has been addressed in the following products:

Fuse ESB Enterprise 7.1.0 Patch 3

Via RHSA-2013:0649 https://rhn.redhat.com/errata/RHSA-2013-0649.html
Statement: (none)
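
The flaw description above is a timing oracle on user lookup. The following Java program is an added example, not Spring Security's code: it assumes the time difference comes from skipping the password hash for unknown users, and shows that pattern beside a version that does the same hashing work on both paths. The class, method names and sample accounts are hypothetical.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class TimingSafeLogin {
    record Stored(byte[] salt, byte[] hash) {}
    static final Map<String, Stored> USERS = new HashMap<>(); // constructed sample store
    static int kdfCalls = 0;                                   // instrumentation for the demo only
    static final Stored DUMMY = enroll("placeholder-never-matches"); // used for unknown users

    static byte[] kdf(String password, byte[] salt) {
        kdfCalls++;
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    static Stored enroll(String password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Stored(salt, kdf(password, salt));
    }

    // Flawed pattern: an unknown user returns before the expensive KDF runs.
    static boolean loginEarlyExit(String user, String password) {
        Stored s = USERS.get(user);
        if (s == null) return false;
        return MessageDigest.isEqual(s.hash(), kdf(password, s.salt()));
    }

    // Hardened pattern: an unknown user is verified against a dummy record, then rejected.
    static boolean loginUniform(String user, String password) {
        Stored s = USERS.get(user);
        Stored target = (s != null) ? s : DUMMY;
        boolean match = MessageDigest.isEqual(target.hash(), kdf(password, target.salt()));
        return s != null && match;
    }
    public static void main(String[] args) {
        USERS.put("alice", enroll("correct horse"));
        for (String u : new String[] {"alice", "nobody"}) {
            kdfCalls = 0; loginEarlyExit(u, "guess"); int early = kdfCalls;
            kdfCalls = 0; loginUniform(u, "guess");   int uniform = kdfCalls;
            System.out.printf("%-6s earlyExit KDF calls=%d, uniform KDF calls=%d%n", u, early, uniform);
        }
    }
}
```

The KDF call counter stands in for wall-clock time: the early-exit version performs one derivation for a known user and none for an unknown one, while the uniform version performs one in both cases.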