CVE-2017-1000433

Sažetak

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

Reference

https://github.com/rohe/pysaml2/issues/451
https://lists.debian.org/debian-lts-announce/2018/07/msg00000.html
https://lists.debian.org/debian-lts-announce/2021/02/msg00038.html
https://security.gentoo.org/glsa/201801-11

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

04-03-2021 - 21:16

Objavljeno

02-01-2018 - 23:29