CRITICAL
Sensiolabs
CVE published 2017-02-07
CVE-2016-2403
CVE-2016-2403 is a critical authentication-bypass issue in Symfony. On affected versions, a remote attacker with a valid username could authenticate using an empty password when the application authenticated against a misconfigured LDAP server: the empty password resulted in an unauthenticated bind, which could lead to full account compromise. NVD rates the issue CVSS 9.8 and maps it to CWE-287.
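An added example, not Symfony's code or its patch, modelling the failure described above: when a directory accepts a simple bind with an empty password, an application that treats bind success as proof of the password accepts the login. `FakeDirectory`, the two check functions and the sample DN are constructed for illustration and stand in for a real LDAP client and server.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a directory server; it is not a real LDAP client.
final class FakeDirectory
{
    /** @param array<string,string> $users DN => password (constructed sample data) */
    public function __construct(
        private array $users,
        private bool $allowUnauthenticatedBind, // true models the misconfiguration
    ) {}

    // Simple bind. A DN sent with an empty password is an "unauthenticated
    // bind" (RFC 4513, section 5.1.2): a permissive server answers success
    // without checking anything about the named user.
    public function bind(string $dn, string $password): bool
    {
        if ($password === '') {
            return $this->allowUnauthenticatedBind;
        }
        return isset($this->users[$dn]) && hash_equals($this->users[$dn], $password);
    }
}

// Vulnerable pattern: bind success is taken as proof of the password.
function checkCredentialsVulnerable(FakeDirectory $ldap, string $dn, string $password): bool
{
    return $ldap->bind($dn, $password);
}

// Hardened pattern: an empty password is rejected before any bind is attempted.
function checkCredentialsHardened(FakeDirectory $ldap, string $dn, string $password): bool
{
    return $password !== '' && $ldap->bind($dn, $password);
}

$dn = 'uid=alice,ou=people,dc=example,dc=test'; // constructed sample DN
$users = [$dn => 'correct horse battery'];
$servers = ['permissive' => new FakeDirectory($users, true), 'strict' => new FakeDirectory($users, false)];

foreach ($servers as $name => $ldap) {
    foreach (['', 'wrong', 'correct horse battery'] as $password) {
        printf("%-10s password=%-24s vulnerable=%s hardened=%s\n", $name, var_export($password, true),
            var_export(checkCredentialsVulnerable($ldap, $dn, $password), true),
            var_export(checkCredentialsHardened($ldap, $dn, $password), true));
    }
}
```

The client-side check complements, and does not replace, configuring the directory to refuse unauthenticated binds.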