PT-2021-24419 · Symfony · Symfony
Published 2021-05-17 · Updated 2021-05-17
Severity: none assigned. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
Symfony versions prior to 3.4
Description:
The issue allowed user enumeration without proper permissions: the authentication layer raised distinct exception messages for existing and non-existing users, so the error text revealed whether an account existed. Additionally, a timing attack was possible, since authenticating a non-existing user took measurably less time than authenticating an existing one (no password hash was computed for unknown users), and comparing the response times distinguishes the two cases.
Recommendations:
For Symfony versions prior to 3.4, update to version 3.4 or later to resolve the issue. As a temporary workaround, consider modifying the authentication mechanism so that it returns the same error message for an invalid password and for a non-existent user, and performs the same amount of work (including the password hash computation) in both cases.
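The following is an added illustration of the two patterns described above; it is not Symfony's code and not part of the original advisory. It uses a constructed in-memory user store and a generic PBKDF2 password hash (the function names `authenticate_leaky`, `authenticate_uniform`, `probe` and `hash_calls_for` are assumptions of this example). The vulnerable variant returns a different message and skips the hash computation for unknown users; the hardened variant returns one message and always computes a hash, comparing against a dummy credential when the user does not exist, so neither the text nor the timing distinguishes the two cases.

```python
import hashlib
import hmac
import os

# Constructed sample data for this example only (not from the advisory).
ITERATIONS = 50_000
HASH_CALLS = 0  # counts password-hash computations, a deterministic stand-in for timing


def _hash_password(password: str, salt: bytes) -> bytes:
    """Slow password hash; every call is counted so tests can see where work is skipped."""
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt)}


USERS = {"alice": _make_user("correct horse battery staple")}

# Dummy credential used only to equalize work when the username is unknown.
# The random hash can never match a real PBKDF2 output, and the explicit
# "user exists" check below guards against a lucky collision anyway.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = os.urandom(32)


class AuthError(Exception):
    pass


def authenticate_leaky(username: str, password: str) -> str:
    """Vulnerable pattern: distinct messages and an early return reveal whether the user exists."""
    user = USERS.get(username)
    if user is None:
        # Fast path: no hash is computed, so the response is both worded and timed differently.
        raise AuthError("Username could not be found.")
    if not hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"]):
        raise AuthError("The presented password is invalid.")
    return username


def authenticate_uniform(username: str, password: str) -> str:
    """Hardened pattern: one error message, and a hash is computed on every attempt."""
    user = USERS.get(username)
    if user is not None:
        salt, expected = user["salt"], user["hash"]
    else:
        salt, expected = _DUMMY_SALT, _DUMMY_HASH
    computed = _hash_password(password, salt)
    # Constant-time comparison; the existence check is evaluated after the hash work is done.
    password_ok = hmac.compare_digest(computed, expected)
    if not (password_ok and user is not None):
        raise AuthError("Invalid credentials.")
    return username


def probe(auth, username: str, password: str):
    """Return the error message a caller would see, or None on success."""
    try:
        auth(username, password)
        return None
    except AuthError as exc:
        return str(exc)


def hash_calls_for(auth, username: str, password: str) -> int:
    """Number of password-hash computations one login attempt triggers."""
    before = HASH_CALLS
    probe(auth, username, password)
    return HASH_CALLS - before


if __name__ == "__main__":
    for auth in (authenticate_leaky, authenticate_uniform):
        print(auth.__name__)
        for name in ("alice", "nobody"):
            print(f"  {name:7s} -> {probe(auth, name, 'wrong')!r}, "
                  f"hash calls: {hash_calls_for(auth, name, 'wrong')}")
```

The counter plays the role a stopwatch would play in a real timing measurement: with the leaky variant an unknown username costs zero hash computations, while with the uniform variant both known and unknown usernames cost exactly one, and both receive the identical "Invalid credentials." message.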
Information Disclosure
Affected Products: Symfony