CVE-2016-2403 – symfony/security-core
Package
Manager: composer
Name: symfony/security-core
Vulnerable Version: >=2.8.0 <2.8.6 || >=3.0.0 <3.0.6
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00154 (percentile 0.36701)
Details
Symfony Authentication Bypass: Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
Metadata
Created: 2022-05-14T03:10:21Z
Modified: 2024-02-08T19:24:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wvj5-r78r-hhfq/GHSA-wvj5-r78r-hhfq.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-wvj5-r78r-hhfq
Finding: F006
Auto approve: 1