201 matches found
Debian: Security Advisory (DLA-1410-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian DLA-1410-1 : python-pysaml2 security update
Pysaml2, a Python implementation of the Security Assertion Markup Language, would accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password. For Debian 8 'Jessie', this issue has been fixed in version 2.0.0-1+deb8u2...
[SECURITY] [DLA 1410-1] python-pysaml2 security update
Package: python-pysaml2; Version: 2.0.0-1+deb8u2; CVE ID: CVE-2017-1000433; Debian Bug: 886423. Pysaml2, a Python implementation of the Security Assertion Markup Language, would accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without...
DLA-1410-1 python-pysaml2 - security update
Bulletin has no description...
GLSA-201801-11 : PySAML2: Security bypass
The remote host is affected by the vulnerability described in GLSA-201801-11 (PySAML2: Security bypass). It was found that PySAML2 relies on an assert statement to check the user's password. Python optimizations might remove this assertion. Impact: A remote attacker could bypass security...
PySAML2: Security bypass
Background: PySAML2 is a pure Python implementation of SAML2. Description: It was found that PySAML2 relies on an assert statement to check the user's password. Python optimizations might remove this assertion. Impact: A remote attacker could bypass security restrictions and access any...
Ubuntu 16.04 LTS : PySAML2 vulnerability (USN-3520-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3520-1 advisory. It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as a...
USN-3520-1 python-pysaml2 vulnerability
It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password...
USN-3520-1: PySAML2 vulnerability
It was discovered that PySAML2 incorrectly accepted any password when run with python optimizations enabled. An attacker could use this issue to authenticate as any user without a valid password...
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
PySAML2 Password Acceptance Vulnerability
PySAML2 is an implementation of SAML2 written in python. A security vulnerability exists in PySAML2 4.4.0 and earlier versions, which stems from the program receiving arbitrary passwords. An attacker can exploit the vulnerability to log in as an arbitrary user...
PYSEC-2018-48
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2017-1000433 via pysaml2 (>=4.0.2 <=4.4.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2017-1000433 Source advisory: OSV:PYSEC-2018-48...
Default credentials
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
DEBIAN-CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...