Launchpad CVE tracker

CVE 2017-1000433

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

Related bugs and status

CVE-2017-1000433 (Candidate) is related to these bugs:

Bug #1750843: pysaml2 version in global requirements must be updated to 4.5.0

Summary				In	Importance	Status
	1750843	pysaml2 version in global requirements must be updated to 4.5.0		OpenStack Global Requirements	Undecided	Fix Released
	1750843	pysaml2 version in global requirements must be updated to 4.5.0		OpenStack Identity (keystone)	Low	Fix Released

Bug #1791835: CVE-2017-1000433: Known moderate severity security vulnerability detected in pysaml2 <= 4.5.0

Summary				In	Importance	Status
	1791835	CVE-2017-1000433: Known moderate severity security vulnerability detected in pysaml2 <= 4.5.0		StarlingX	Low	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-1000433

References