CVE-2016-2403: Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to b ...

Severity: Critical

CVSS Score: 9.8

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.