CVE-2017-1000433

Published January 2nd, 2018

View on NVD ↗

CVSS v3

8.1

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

IdentityPython/pysaml2

Python implementation of SAML2

GitHub

607