High severity8.1NVD Advisory· Published Jan 2, 2018· Updated Jun 17, 2026
CVE-2017-1000433
CVE-2017-1000433
Description
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pysaml2PyPI | < 4.5.0 | 4.5.0 |
Affected products
16- ghsa-coords16 versionspkg:pypi/pysaml2pkg:rpm/suse/caasp-openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-core&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/crowbar&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-ha&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/galera-python-clustercheck&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-PyKMIP&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%207
< 4.5.0+ 15 more
- (no CPE)range: < 4.5.0
- (no CPE)range: < 1.0+git.1553079189.3bf8922-1.6.2
- (no CPE)range: < 4.0+git.1556285635.ab602dd4d-9.46.3
- (no CPE)range: < 4.0+git.1556285635.ab602dd4d-9.46.3
- (no CPE)range: < 4.0+git.1551088848.823bcaa3-7.29.2
- (no CPE)range: < 4.0+git.1551088848.823bcaa3-7.29.2
- (no CPE)range: < 4.0+git.1556181005.47c643d-4.46.3
- (no CPE)range: < 4.0+git.1554887450.ff7c30c1c-9.51.3
- (no CPE)range: < 0.0+git.1506329536.8f5878c-1.6.2
- (no CPE)range: < 7.1.1~dev4-4.15.3
- (no CPE)range: < 7.1.1~dev4-4.15.3
- (no CPE)range: < 5.1.1~dev1-2.6.3
- (no CPE)range: < 0.5.0-3.3.3
- (no CPE)range: < 4.0.2-3.3.2
- (no CPE)range: < 3.9.0-7.14.2
- (no CPE)range: < 3.9.0-7.14.2
Patches
Vulnerability mechanics
References
9- github.com/rohe/pysaml2/issues/451nvdPatchThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-924m-4pmx-c67hghsaADVISORY
- lists.debian.org/debian-lts-announce/2018/07/msg00000.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2021/02/msg00038.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-1000433ghsaADVISORY
- security.gentoo.org/glsa/201801-11nvdIssue TrackingThird Party AdvisoryWEB
- github.com/IdentityPython/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5ghsaWEB
- github.com/IdentityPython/pysaml2/pull/454ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2018-48.yamlghsaWEB
News mentions
0No linked articles in our index yet.