PT-2016-3281 · Symfony · Symfony

Matteo Rossi · Published 2016-05-09 · Updated 2022-05-14 · CVE-2016-2403

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Symfony versions prior to 2.8.6 (the Ldap component first shipped in 2.8, so the affected 2.x releases are 2.8.0 to 2.8.5)
Symfony versions 3.x prior to 3.0.6

Description
The issue allows a remote attacker to bypass authentication by logging in with a valid username and an empty password. The flaw sits in the LDAP bind authentication provider of Symfony's Security component: the password supplied by the user was handed unchanged to the LDAP bind operation. A bind that carries a DN but an empty password is an unauthenticated bind (RFC 4513, section 5.1.2), and a directory server that has not been configured to reject such binds answers with success, so the provider treated the user as authenticated although no credential had been verified. The attacker only needs to know an existing username and to submit an empty string as the password.

Recommendations
For Symfony 2.8.x prior to 2.8.6, update to version 2.8.6 or later. For Symfony 3.x prior to 3.0.6, update to version 3.0.6 or later. The fixed versions reject an empty password before any bind is attempted. As defence in depth, configure the LDAP server to refuse unauthenticated binds, so that an empty password can never produce a successful bind even if an application forgets the check.
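The following is an added illustration, not Symfony's code: it models the bind semantics that make the bug possible with an in-process stand-in for an LDAP directory (the `SimulatedLdapServer` class, the `BASE_DN` layout and the sample account are all constructed here), and places the vulnerable authenticator, which forwards whatever the user typed to bind(), beside the hardened one, which refuses an empty password before binding.

```python
"""Model of CVE-2016-2403: LDAP bind authentication with and without the
empty-password guard. Added example; the directory is simulated in-process."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class SimulatedLdapServer:
    """Stand-in for a directory's bind semantics (RFC 4513, section 5.1).

    A bind that names a DN but carries an empty password is an
    *unauthenticated* bind. A server that has not been configured to reject
    it (the misconfigured case) answers success without checking anything.
    """

    passwords: dict[str, str]  # constructed sample directory: dn -> password
    allow_unauthenticated_bind: bool = True

    def bind(self, dn: str, password: str) -> bool:
        if dn == "" and password == "":
            return True  # anonymous bind: succeeds, proves no identity
        if dn != "" and password == "":
            # RFC 4513 5.1.2 unauthenticated bind: success is unrelated to
            # whether the DN or any password is valid.
            return self.allow_unauthenticated_bind
        return self.passwords.get(dn) == password  # simple bind, checked


BASE_DN = "ou=people,dc=example,dc=com"  # assumed layout for the sample


def user_dn(username: str) -> str:
    return f"uid={username},{BASE_DN}"


def authenticate_vulnerable(
    server: SimulatedLdapServer, username: str, password: str
) -> bool:
    """Pre-2.8.6 shape: the presented password goes straight to bind()."""
    return server.bind(user_dn(username), password)


def authenticate_fixed(
    server: SimulatedLdapServer, username: str, password: str
) -> bool:
    """Post-fix shape: never bind with an empty password, so a directory
    that tolerates unauthenticated binds cannot be abused through us."""
    if password == "":
        return False
    return server.bind(user_dn(username), password)


def demo() -> dict[str, bool]:
    """Run both authenticators against a misconfigured sample directory."""
    directory = SimulatedLdapServer(passwords={user_dn("alice"): "correct horse"})
    return {
        "vuln_empty_pw": authenticate_vulnerable(directory, "alice", ""),
        "vuln_wrong_pw": authenticate_vulnerable(directory, "alice", "nope"),
        "vuln_good_pw": authenticate_vulnerable(directory, "alice", "correct horse"),
        "fixed_empty_pw": authenticate_fixed(directory, "alice", ""),
        "fixed_wrong_pw": authenticate_fixed(directory, "alice", "nope"),
        "fixed_good_pw": authenticate_fixed(directory, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:15s} -> {'accepted' if accepted else 'rejected'}")
```

Only the empty-password row differs between the two authenticators: a wrong password is rejected by the directory in both, but an empty one is accepted by the vulnerable path because the server never compared it to anything. Flipping `allow_unauthenticated_bind` to `False` closes the hole on the server side too, which is why hardening the directory is worth doing alongside the application fix.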

Weakness Enumeration

Improper Authentication (CWE-287)

Related identifiers

BDU:2019-00442
CVE-2016-2403
DSA-4262-1
GHSA-WVJ5-R78R-HHFQ

Affected products

Symfony