We found results for “”
CVE-2017-1000433
Good to know:
Date: January 2, 2018
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
Language: Python
Severity Score
Related Resources (8)
Severity Score
Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |