7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-51996

GHSA ID

GHSA-cg23-qf8f-62rr

EPSS Score

0.15005%

CWE

CWE-287

Published

11/13/2024

Updated

11/14/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-51996

CVE-2024-51996:
Symfony has an Authentication Bypass via RememberMe

Description

When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.

Resolution

The PersistentRememberMeHandler class now ensures the submitted username is the cookie owner.

The patch for this issue is available here for branch 5.4.

Credits

We would like to thank Moritz Rauch - Pentryx AG for reporting the issue and Jérémy Derussé for providing the fix.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-51996

GHSA ID

GHSA-cg23-qf8f-62rr

EPSS Score

0.15005%

CWE

CWE-287

Published

11/13/2024

Updated

11/14/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
symfony/security-http	composer	>= 5.3.0, < 5.4.47	5.4.47
symfony/security-http	composer	>= 6.0.0-BETA1, < 6.4.15	6.4.15
symfony/security-http	composer	>= 7.0.0-BETA1, < 7.1.8	7.1.8

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the lack of username/class validation in the cookie consumption process. The commit diff shows critical security checks were added to PersistentRememberMeHandler.php's consumeRememberMeCookie method, specifically comparing getUserIdentifier() and getClass() between the cookie data and database record. The original code (before patch) did not perform these checks, making this function the entry point for the authentication bypass. The test cases added in PersistentRememberMeHandlerTest.php also validate this scenario by checking for invalid owners/cookie values.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### **s*ription W**n *onsumin* * p*rsist** r*m*m**r-m* *ooki*, Sym*ony *o*s not ****k i* t** us*rn*m* p*rsist** in t** **t***s* m*t***s t** us*rn*m* *tt***** wit* t** *ooki*, l***in* to *ut**nti**tion *yp*ss. ### R*solution T** `P*rsist*ntR*m*m**r

Reasoning

T** vuln*r**ility st*ms *rom t** l**k o* us*rn*m*/*l*ss v*li**tion in t** *ooki* *onsumption pro**ss. T** *ommit *i** s*ows *riti**l s**urity ****ks w*r* ***** to P*rsist*ntR*m*m**rM***n*l*r.p*p's *onsum*R*m*m**rM**ooki* m*t*o*, sp**i*i**lly *omp*rin

7.5

Basic Information

Concerned about an active attack path?

CVE-2024-51996: Symfony has an Authentication Bypass via RememberMe

Description

Resolution

Credits

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-51996:
Symfony has an Authentication Bypass via RememberMe

Vulnerability Intelligence
Miggo AI