PYSEC-2017-26 — Vulnetix

PYSEC-2017-26 PUBLISHED

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

Affected Products

Vendor	Product	Versions
PyPI	pysaml2	2.1.0, 0, 1.0.1

Timeline

Nov 17, 2017 CVE Published
Nov 8, 2023 CVE Updated

References

https://github.com/advisories/GHSA-cq94-qf6q-mf2h advisory
https://github.com/rohe/pysaml2/issues/417 discussion

Open in Interactive Console →