Symfony · Symfony · CVE-2016-2403
**Name of the Vulnerable Software and Affected Versions**
Symfony versions prior to 2.8.6
Symfony versions 3.x prior to 3.0.6
**Description**
The issue allows remote attackers to bypass authentication by logging in with an empty password and a valid `username`. This is due to errors in processing user authentication data, which can be exploited by a remote attacker to bypass the authentication procedure by specifying an existing `username` and an empty string as the `password`.
**Recommendations**
For Symfony versions prior to 2.8.6, update to version 2.8.6 or later.
For Symfony versions 3.x prior to 3.0.6, update to version 3.0.6 or later.