Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-1000246

Опубликовано: 24 мая 2017
Источник: redhat
CVSS3: 5.3

Описание

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

Отчет

Red Hat Product Security has rated this issue as having security impact of Low for:

  • Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
  • Red Hat OpenStack Platform 8.0 (Liberty)
  • Red Hat OpenStack Platform 9.0 (Mitaka)
  • Red Hat OpenStack Platform 10.0 (Newton)
  • Red Hat OpenStack Platform 11.0 (Ocata)
  • Red Hat OpenStack Platform 12.0 (Pike) Although the affected code is present in shipped packages, python-pysaml2 is included only as a dependency of other packages. The affected code cannot be reached in any supported configuration of Red Hat OpenStack Platform. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)python-pysaml2Will not fix
Red Hat OpenStack Platform 10 (Newton)python-pysaml2Will not fix
Red Hat OpenStack Platform 11 (Ocata)python-pysaml2Will not fix
Red Hat OpenStack Platform 12 (Pike)python-pysaml2Will not fix
Red Hat OpenStack Platform 8 (Liberty)python-pysaml2Will not fix
Red Hat OpenStack Platform 9 (Mitaka)python-pysaml2Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-323
https://bugzilla.redhat.com/show_bug.cgi?id=1524420python-pysaml2: Reuse of AES initialization vector in AESCipher

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-1000246

CVSS3: 5.3
ubuntu
около 8 лет назад

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

nvd логотип

CVE-2017-1000246

CVSS3: 5.3
nvd
около 8 лет назад

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

debian логотип

CVE-2017-1000246

CVSS3: 5.3
debian
около 8 лет назад

Python package pysaml2 version 4.4.0 and earlier reuses the initializa ...

github логотип

GHSA-cq94-qf6q-mf2h

CVSS3: 5.3
github
больше 7 лет назад

Pysaml2 improperly initializes encryption vector

5.3 Medium

CVSS3