201 matches found

CVE
added 2018/01/02 11:0 p.m. | 127 views

CVE-2017-1000433

Summary: CVE-2017-1000433 affects PySAML2. Versions 4.4.0 and earlier allow login without a password when Python optimizations are enabled, enabling attacker impersonation of any user. The issue is widely reported across distros and advisories (Debian DLA-2577-1; DLA-1410-1; Ubuntu USN-3520-1; Ge...

CVSS 8.1 | AI score 7.8 | EPSS 0.0252
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve
added 2018/01/02 12:0 a.m. | 19 views

CVE-2017-1000433

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

CVSS 8.1 | AI score 6.9 | EPSS 0.0252
Exploits: 0 | References: 3
OSV
added 2018/01/02 12:0 a.m. | 2 views

UBUNTU-CVE-2017-1000433

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

CVSS 8.1 | AI score 6.9 | EPSS 0.0252
Exploits: 0 | References: 4
Veracode
added 2017/12/20 8:4 a.m. | 30 views

Authentication Bypass

pysaml2 is vulnerable to authentication bypass. The vulnerability exists because asserts are ignored when Python is run with the optimization options -O or -OO, or with the PYTHONOPTIMIZE environment variable. This causes the UsernamePasswordMako class to accept any password for any valid user...

CVSS 8.1 | AI score 7.9 | EPSS 0.0252
Exploits: 0 | References: 6 | Affected Software: 2
RedhatCVE
added 2017/12/11 1:50 p.m. | 12 views

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3 | AI score 4.5 | EPSS 0.00905
Exploits: 0 | References: 1
CNVD
added 2017/11/25 12:0 a.m. | 4 views

Python package pysaml2 information disclosure vulnerability

The Python package pysaml2 is a Python based implementation of the SAML protocol for exchanging authentication and authorization data between security domains. An information disclosure vulnerability exists in Python package pysaml2 4.4.0 and earlier. An attacker can exploit this vulnerability to...

CVSS 5.3 | AI score 6.5 | EPSS 0.00905
Exploits: 0 | References: 1
Prion
added 2017/11/17 4:29 a.m. | 12 views

Design/Logic Flaw

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5 | AI score 5.2 | EPSS 0.00905
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2017/11/17 4:29 a.m. | 24 views

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3 | AI score 5.2 | EPSS 0.00905
Exploits: 0 | References: 1
vulnersOsv
added 2017/11/17 4:29 a.m. | 5 views

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +5 more potentially affected by CVE-2017-1000246 via pysaml2 (>=4.0.2 <=4.5.0)

pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.2.1, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2017-1000246 Source advisory: OSV:PYSEC-2017-26...

CVSS 5.3 | AI score 6.7 | EPSS 0.00905
Exploits: 0
PyPA
added 2017/11/17 4:29 a.m. | 5 views

PYSEC-2017-26

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3 | AI score 6.9 | EPSS 0.00905
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2017/11/17 4:29 a.m. | 27 views

PYSEC-2017-26

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3 | AI score 4.5 | EPSS 0.00905
Exploits: 0 | References: 2
OSV
added 2017/11/17 4:29 a.m. | 4 views

DEBIAN-CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3 | AI score 7.7 | EPSS 0.00905
Exploits: 0 | References: 1
OSV
added 2017/11/17 4:29 a.m. | 18 views

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3 | AI score 5.3
Exploits: 0 | References: 1
OSV
added 2017/11/17 4:29 a.m. | 3 views

UBUNTU-CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3 | AI score 6.7 | EPSS 0.00905
Exploits: 0 | References: 3
CVE
added 2017/11/17 4:0 a.m. | 83 views

CVE-2017-1000246

CVE-2017-1000246 affects pysaml2 (

CVSS 5.3 | AI score 5.2 | EPSS 0.00905
Exploits: 0 | References: 1 | Affected Software: 1
Debian CVE
added 2017/11/17 4:0 a.m. | 14 views

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3 | AI score 5.7 | EPSS 0.00905
Exploits: 0
Veracode
added 2017/09/11 7:50 a.m. | 11 views

Hash Collision

pysaml2 is vulnerable to hash collision. The vulnerability exists as it was theoretically possible to cause a SHA1 hash collision in init.py...

AI score 6.5
Exploits: 0
Tenable Nessus
added 2017/08/25 12:0 a.m. | 38 views

Ubuntu 16.04 LTS : PySAML2 vulnerability (USN-3402-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3402-1 advisory. It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files. Tenabl...

CVSS 7.5 | AI score 6.9 | EPSS 0.0386
Exploits: 0 | References: 2
Ubuntu
added 2017/08/24 12:2 p.m. | 46 views

USN-3402-1: PySAML2 vulnerability

It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files...

CVSS 7.5 | AI score 6.9 | EPSS 0.0386
Exploits: 0
OSV
added 2017/08/24 12:2 p.m. | 4 views

USN-3402-1 python-pysaml2 vulnerability

It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files...

CVSS 7.5 | AI score 6.9 | EPSS 0.0386
Exploits: 0 | References: 2