Описание
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
Ссылки
- PatchThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.4.0 (включая)
cpe:2.3:a:pysaml2_project:pysaml2:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02083
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 8.1
ubuntu
около 8 лет назад
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
CVSS3: 6.5
redhat
больше 8 лет назад
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
CVSS3: 8.1
debian
около 8 лет назад
pysaml2 version 4.4.0 and older accept any password when run with pyth ...
EPSS
Процентиль: 84%
0.02083
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287