VDB
DEBIAN-CVE-2017-1000433
DEBIAN-CVE-2017-1000433
PUBLISHED
CVSS 8.100000381469727 HIGH
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | python-pysaml2 | 0, 0, 0 |
| Debian:14 | python-pysaml2 | 0, 0, 0 |
| Debian:11 | python-pysaml2 | 0, 0, 0 |
| Debian:12 | python-pysaml2 | 0, 0, 0 |
Timeline
- Jan 2, 2018 CVE Published
- Apr 28, 2026 CVE Updated