CVE-2017-1000433

Опубликовано: 02 янв. 2018

Источник: debian

EPSS Низкий

Описание

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-pysaml2	fixed	4.5.0-2		package

Примечания

https://github.com/rohe/pysaml2/issues/451
Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5

EPSS

Процентиль: 84%

0.02083

Низкий

Связанные уязвимости

CVE-2017-1000433

CVSS3: 8.1

ubuntu

около 8 лет назад

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

CVE-2017-1000433

CVSS3: 6.5

redhat

больше 8 лет назад

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

CVE-2017-1000433

CVSS3: 8.1

nvd

около 8 лет назад

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

GHSA-924m-4pmx-c67h

CVSS3: 8.1

github

больше 7 лет назад

pysaml2 Improper Authentication vulnerability

EPSS

Процентиль: 84%

0.02083

Низкий