CVE-2017-1000433
Description
pysaml2 versions 4.4.0 and older accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.083
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-10127, CVE-2016-10149, CVE-2017-1000433 are fixed in Python-pysaml2 4.5.0 | Windows |
| Pure python implementation of SAML2 (USN-3520-1) python-pysaml2_3.0.0-3ubuntu2.2_all.deb | Linux |
| Pure python implementation of SAML2 (USN-3520-1) python-pysaml2_3.0.0-3ubuntu1.16.04.3_all.deb | Linux |
| Pure python implementation of SAML2 (USN-3520-1) python-pysaml2_3.0.0-3ubuntu1.17.04.3_all.deb | Linux |
| Pure python implementation of SAML2 (USN-3520-1) python3-pysaml2_3.0.0-3ubuntu2.2_all.deb | Linux |
| Pure python implementation of SAML2 (USN-3520-1) python3-pysaml2_3.0.0-3ubuntu1.16.04.3_all.deb | Linux |
| Pure python implementation of SAML2 (USN-3520-1) python3-pysaml2_3.0.0-3ubuntu1.17.04.3_all.deb | Linux |
| Vulnerabilities CVE-2016-10127, CVE-2016-10149, CVE-2017-1000433 are fixed in Python-pysaml2 for Linux 4.5.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234