Описание
Symfony has an Authentication Bypass via RememberMe
Description
When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.
Resolution
The PersistentRememberMeHandler class now ensures the submitted username is the cookie owner.
The patch for this issue is available here for branch 5.4.
Credits
We would like to thank Moritz Rauch - Pentryx AG for reporting the issue and Jérémy Derussé for providing the fix.
Ссылки
- https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr
- https://nvd.nist.gov/vuln/detail/CVE-2024-51996
- https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml
- https://symfony.com/cve-2024-51996
Пакеты
symfony/security-http
>= 5.3.0, < 5.4.47
5.4.47
symfony/security-http
>= 6.0.0-BETA1, < 6.4.15
6.4.15
symfony/security-http
>= 7.0.0-BETA1, < 7.1.8
7.1.8
Связанные уязвимости
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8.
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8.
Symphony process is a module for the Symphony PHP framework which exec ...
Уязвимость компонента Process программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю обойти ограничения безопасности