CVE-2013-5750 Information

Description

The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation as demonstrated by a PBKDF2 computation.

Reference

http://symfony.com/blog/cve-2013-5750-security-issue-in-fosuserbundle-login-form