The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fosuserbundle | Friends_of_symfony_project | * | 1.3.2 (including) |
| Fosuserbundle | Friends_of_symfony_project | 1.0.0 (including) | 1.0.0 (including) |
| Fosuserbundle | Friends_of_symfony_project | 1.1.0 (including) | 1.1.0 (including) |
| Fosuserbundle | Friends_of_symfony_project | 1.2.0 (including) | 1.2.0 (including) |
| Fosuserbundle | Friends_of_symfony_project | 1.2.1 (including) | 1.2.1 (including) |
| Fosuserbundle | Friends_of_symfony_project | 1.2.3 (including) | 1.2.3 (including) |
| Fosuserbundle | Friends_of_symfony_project | 1.2.4 (including) | 1.2.4 (including) |
| Fosuserbundle | Friends_of_symfony_project | 1.2.5 (including) | 1.2.5 (including) |
| Fosuserbundle | Friends_of_symfony_project | 1.3.0 (including) | 1.3.0 (including) |
| Fosuserbundle | Friends_of_symfony_project | 1.3.1 (including) | 1.3.1 (including) |