PT-2024-40166 · Doctrine+1

Published

2024-05-30

·

Updated

2024-05-30

CVSS v3.1

6.5

Medium

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Symfony 2.0 versions prior to 2.0.6, when Doctrine is used as the user provider
Description: An authenticated user who is allowed to change their login/username through a form can switch into another user's account. Symfony forms bind the submitted data onto the User object before validation runs, and that object is the same instance the security token keeps in the session. When the user submits a username that already exists, the uniqueness check fails and nothing is persisted, but the session copy of the User now carries the other account's username. On the next request the Doctrine user provider refreshes the user from the session by username, so it loads the other user's entity and the request is authenticated as that account. The fix in Symfony 2.0.6 refreshes the user by its primary key, which a form cannot change, instead of by username.
Recommendations: Upgrade to Symfony 2.0.6 or later. If an immediate upgrade is not possible, apply the same change locally: make the user provider's refreshUser() reload the user by primary key rather than by username. Any custom user provider whose refreshUser() looks the user up by username, or by another field the user can edit, has the same weakness and should be checked.
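The account switch and the 2.0.6 fix side by side, as an added illustration written for this page and not taken from Symfony or Doctrine: the `User`, `UserRepository`, `UsernameRefreshingProvider` and `IdRefreshingProvider` classes are hypothetical in-memory stand-ins for the entity, the Doctrine repository and the entity user provider's `refreshUser()`, and the two sample users are constructed. Running it shows the username-based provider authenticating the next request as the victim's id and the primary-key-based provider as the attacker's own id.

```php
<?php
declare(strict_types=1);

// Stand-alone illustration of the account switch in the advisory above.
// Not Symfony or Doctrine code: the classes below are hypothetical in-memory
// stand-ins so the flow runs with plain `php` and no framework installed.

final class User
{
    public function __construct(public int $id, public string $username) {}
}

// Stand-in for a Doctrine repository: `id` is the primary key, `username` is unique.
final class UserRepository
{
    /** @var array<int, User> */
    private array $rows = [];

    public function __construct(User ...$users)
    {
        foreach ($users as $user) {
            $this->rows[$user->id] = $user;
        }
    }

    public function findOneByUsername(string $username): ?User
    {
        foreach ($this->rows as $row) {
            if ($row->username === $username) {
                return clone $row; // a fresh entity, as a query would hydrate
            }
        }
        return null;
    }

    public function find(int $id): ?User
    {
        return isset($this->rows[$id]) ? clone $this->rows[$id] : null;
    }
}

interface UserProviderInterface
{
    public function refreshUser(User $user): User;
}

// Pre-2.0.6 behaviour: re-read the user by the username carried in the
// session object, a value a profile form can change.
final class UsernameRefreshingProvider implements UserProviderInterface
{
    public function __construct(private UserRepository $repo) {}

    public function refreshUser(User $user): User
    {
        return $this->repo->findOneByUsername($user->username)
            ?? throw new RuntimeException("Unknown user '{$user->username}'");
    }
}

// 2.0.6 behaviour: re-read the user by its primary key, which the form never
// touches, so a stale username in the session cannot redirect the lookup.
final class IdRefreshingProvider implements UserProviderInterface
{
    public function __construct(private UserRepository $repo) {}

    public function refreshUser(User $user): User
    {
        return $this->repo->find($user->id)
            ?? throw new RuntimeException("Unknown user id {$user->id}");
    }
}

/**
 * Plays the attack once and returns the id the next request is authenticated as.
 * The attacker (id 1) is logged in; the token in the session holds their User.
 * They submit the profile form with the victim's username: form binding writes
 * it onto that same object before validation, the uniqueness check fails and
 * nothing is flushed, but the session copy now carries the victim's username.
 */
function authenticatedIdAfterNextRequest(UserProviderInterface $provider, UserRepository $repo): int
{
    $sessionUser = $repo->find(1);               // attacker's token user, loaded at login
    $submittedUsername = 'victim';

    $sessionUser->username = $submittedUsername; // form binding mutates the session object

    $isUnique = $repo->findOneByUsername($submittedUsername) === null;
    if (!$isUnique) {
        // Validation error rendered to the user; no UPDATE is issued,
        // and nothing restores the old username on the session object.
    }

    // Next request: the firewall refreshes the token's user through the provider.
    return $provider->refreshUser($sessionUser)->id;
}

$repo = new UserRepository(new User(1, 'attacker'), new User(2, 'victim'));

printf("refresh by username:    authenticated as id %d\n",
    authenticatedIdAfterNextRequest(new UsernameRefreshingProvider($repo), $repo));
printf("refresh by primary key: authenticated as id %d\n",
    authenticatedIdAfterNextRequest(new IdRefreshingProvider($repo), $repo));
```

Run with `php example.php` (PHP 8.0 or later for the promoted constructor properties and `?? throw`). The same check applies to any custom UserProviderInterface implementation: if refreshUser() resolves the user by a field the user can edit, one failed form submission is enough to switch accounts; resolve by the primary key or by another value the user cannot change.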

Fix

Upgrade to Symfony 2.0.6 or later.

Weakness Enumeration

Improper Authentication

Related Identifiers

GHSA-7MX2-7Q8P-PGMW

Affected Products

Doctrine
Symfony