Authentication Bypass Vulnerability in Symfony

Authentication Bypass Vulnerability in Symfony

CVE-2016-2403 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.

Learn more about our Cis Benchmark Audit For Bind.