PT-2013-5765 · Friendsofsymfony · Fosuserbundle

Fabien Potencier

Published

2013-09-25

Updated

2022-05-17

CVE-2013-5750

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions FOSUserBundle versions prior to 1.3.3

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by submitting a long password to the login form. This triggers an expensive hash computation, such as a PBKDF2 computation.

Recommendations For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the maximum password length to prevent excessive CPU consumption.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-400

Related Identifiers

CVE-2013-5750

GHSA-9MPF-G3FC-9RGV

Affected Products

Fosuserbundle

PT-2013-5765 · Friendsofsymfony · Fosuserbundle

CVE-2013-5750

Weakness Enumeration

Related Identifiers

Affected Products

References · 5