Description
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.209.
References
- Patch
- Release Notes
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 6.4.85 (inclusive) to 7.0.209 (exclusive)
cpe:2.3:a:pspete:pspas:*:*:*:*:*:*:*:*
EPSS
Percentile: 12%
0.00041
Low
3.1 Low
CVSS3
Weaknesses
CWE-757
Related vulnerabilities
CVSS3: 3.1
github
5 months ago
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.209.