{"id":"PYSEC-2017-26","details":"Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.","aliases":["CVE-2017-1000246","GHSA-cq94-qf6q-mf2h"],"modified":"2023-11-01T04:47:23.475456Z","published":"2017-11-17T04:29:00Z","references":[{"type":"REPORT","url":"https://github.com/rohe/pysaml2/issues/417"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-cq94-qf6q-mf2h"}],"affected":[{"package":{"name":"pysaml2","ecosystem":"PyPI","purl":"pkg:pypi/pysaml2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.6.0"}]}],"versions":["0.4.3","1.0.1","1.0.2","1.0.3","1.1.0","2.0.0","2.1.0","2.2.0","2.3.0","2.4.0","3.0.0","3.0.2","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.5rc1","4.1.0","4.2.0","4.3.0","4.4.0","4.5.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pysaml2/PYSEC-2017-26.yaml"}}],"schema_version":"1.7.3"}