Withdrawn Advisory: Symfony http-security has authentication bypass
Moderate severity
GitHub Reviewed
Published
Nov 29, 2024
to the GitHub Advisory Database
•
Updated Dec 3, 2024
Withdrawn
This advisory was withdrawn on Dec 3, 2024
Description
Published by the National Vulnerability Database
Nov 29, 2024
Published to the GitHub Advisory Database
Nov 29, 2024
Reviewed
Dec 2, 2024
Withdrawn
Dec 3, 2024
Last updated
Dec 3, 2024
Withdrawn Advisory
This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046.
Original Description
In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.
References