Authorization Bypass Vulnerability in the symfony/symfony library - CVE-2018-11407

Overview

Symfony authorization can be bypassed by entering a valid username with null as the password.

Severity

High 9.8

Remediation

Update to "symfony/symfony": "v4.1.3".

Reference

https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
