Описание
FriendsOfSymfony FOSUserBundle denial of service via login form
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.
Пакеты
Наименование
friendsofsymfony/user-bundle
composer
Затронутые версииВерсия исправления
>= 1.2.0, < 1.2.5
1.2.5
Наименование
friendsofsymfony/user-bundle
composer
Затронутые версииВерсия исправления
>= 1.3.0, < 1.3.3
1.3.3
Связанные уязвимости
nvd
больше 12 лет назад
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.