Weak Encryption of Data in pysaml2 IDP Server

Weak Encryption of Data in pysaml2 IDP Server

CVE-2017-1000246 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

Learn more about our Cis Benchmark Audit For Server Software.