Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Pysaml2 | Pysaml2_project | * | 4.6.0 (excluding) |
Python-pysaml2 | Ubuntu | artful | * |
Python-pysaml2 | Ubuntu | bionic | * |
Python-pysaml2 | Ubuntu | esm-infra/bionic | * |
Python-pysaml2 | Ubuntu | esm-infra/xenial | * |
Python-pysaml2 | Ubuntu | upstream | * |
Python-pysaml2 | Ubuntu | xenial | * |
Python-pysaml2 | Ubuntu | zesty | * |
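
Why reusing an initialization vector across encryptions weakens the result, as an added example that is not pysaml2 code: under one key and one IV, messages that begin with the same bytes encrypt to the same leading ciphertext blocks, while a fresh random IV per message removes that signal. It assumes CBC mode (the description above does not name the mode), substitutes a toy Feistel permutation built from HMAC-SHA256 for AES so that it runs on the standard library alone, and uses a constructed key and two constructed messages.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # block size in bytes, matching AES

def _toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES (assumption): 4-round Feistel keyed with HMAC-SHA256."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC-encrypt with PKCS#7 padding; returns ciphertext blocks without the IV."""
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = _toy_block_encrypt(key, mixed)  # each block chains on the previous one
        out += prev
    return out


def shared_leading_blocks(c1: bytes, c2: bytes) -> int:
    """Count identical leading ciphertext blocks, visible to any passive observer."""
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n


# Constructed sample data: the messages agree on their first 45 bytes (2 full blocks).
KEY = secrets.token_bytes(32)
MSG_A = b"<NameID>alice@example.org</NameID><Attr>role=admin</Attr>"
MSG_B = b"<NameID>alice@example.org</NameID><Attr>role=guest</Attr>"


def leaked_blocks(reuse_iv: bool) -> int:
    """Encrypt both messages and report how many leading ciphertext blocks match."""
    iv_a = secrets.token_bytes(BLOCK)
    iv_b = iv_a if reuse_iv else secrets.token_bytes(BLOCK)  # fix: new IV per message
    return shared_leading_blocks(cbc_encrypt(KEY, iv_a, MSG_A),
                                 cbc_encrypt(KEY, iv_b, MSG_B))
```

`leaked_blocks(True)` models the reused IV and `leaked_blocks(False)` the per-message random IV; the same comparison can serve as a regression check that an encryption routine never emits matching leading blocks for related plaintexts.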