201 matches found
CVE-2017-1000433
Summary: CVE-2017-1000433 affects PySAML2. Versions 4.4.0 and earlier allow login without a password when Python optimizations are enabled, enabling attacker impersonation of any user. The issue is widely reported across distros and advisories (Debian DLA-2577-1; DLA-1410-1; Ubuntu USN-3520-1; Ge...
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
UBUNTU-CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
Authentication Bypass
pysaml2 is vulnerable to authenticable bypass. The vulnerability exists as asserts are ignored when python is run with optimization options, -O, -OO, or with the PYTHONOPTIMIZE environment variable. This causes the UsernamePasswordMako class to accept any password for any valid user...
CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
Python package pysaml2 information disclosure vulnerability
The Python package pysaml2 is a Python based implementation of the SAML protocol for exchanging authentication and authorization data between security domains. An information disclosure vulnerability exists in Python package pysaml2 4.4.0 and earlier. An attacker can exploit this vulnerability to...
Design/Logic Flaw
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +5 more potentially affected by CVE-2017-1000246 via pysaml2 (>=4.0.2 <=4.5.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.2.1, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2017-1000246 Source advisory: OSV:PYSEC-2017-26...
PYSEC-2017-26
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
PYSEC-2017-26
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
DEBIAN-CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
UBUNTU-CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
CVE-2017-1000246
CVE-2017-1000246 affects pysaml2 (
CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
Hash Collision
pysaml2 is vulnerable to hash collision. The vulnerability exists as it was theoretically possible to cause a SHA1 hash collision in init.py...
Ubuntu 16.04 LTS : PySAML2 vulnerability (USN-3402-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3402-1 advisory. It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files. Tenabl...
USN-3402-1: PySAML2 vulnerability
It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files...
USN-3402-1 python-pysaml2 vulnerability
It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files...