CVE-2017-1000433

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-1000433

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000433.json

Aliases

Related

Published

2018-01-02T23:29:00Z

Modified

2023-11-29T05:55:54.513464Z

Details

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

References

Affected packages

Git / github.com/identitypython/pysaml2

Affected ranges

Type: GIT
Repo: https://github.com/identitypython/pysaml2
Events: Introduced

0The exact introduced commit is unknown

Last affected

78261b9ae13c3855b33009cb1c5abc2c45839828

Type: GIT
Repo: https://github.com/rohe/pysaml2
Events: Introduced

0The exact introduced commit is unknown

Last affected

78261b9ae13c3855b33009cb1c5abc2c45839828

Affected versions

0.*

0.1

0.2

0.4

0.4.1

0.4.2

1.*

1.0.0

1.0.1

2.*

2.0.0

2.1.0

2.3.0

2.4.0

3.*

3.0.0

4.*

4.0.0

v1.*

v1.0.3

v2.*

v2.2.0

v3.*

v3.0.2

v4.*

v4.1.0

v4.2.0

v4.3.0

v4.4.0