Authentication Bypass Vulnerability in Symfony Framework
CVE-2016-2403

9.8CRITICAL

Key Information:

Vendor

Sensiolabs

Status
Symfony
Vendor
CVE Published:
7 February 2017

What is CVE-2016-2403?

A vulnerability in the Symfony framework allows remote attackers to circumvent authentication mechanisms by logging in with a valid username and an empty password. This exploitation results in an unauthenticated bind, potentially exposing sensitive information and granting unauthorized access to the system. This issue affects specific versions, making it crucial for users to ensure they are operating on patched releases to maintain security integrity.

References

http://symfony.com/blog/cve-2016-2403-unauthorized-access...
x_refsource_CONFIRM
https://www.debian.org/security/2018/dsa-4262
vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/96137
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.