Описание
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.6.0 (исключая)
cpe:2.3:a:pysaml2_project:pysaml2:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00122
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-330
Связанные уязвимости
CVSS3: 5.3
ubuntu
около 8 лет назад
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
CVSS3: 5.3
redhat
больше 8 лет назад
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
CVSS3: 5.3
debian
около 8 лет назад
Python package pysaml2 version 4.4.0 and earlier reuses the initializa ...
CVSS3: 5.3
github
больше 7 лет назад
Pysaml2 improperly initializes encryption vector
EPSS
Процентиль: 32%
0.00122
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-330