Launchpad.net

CVE 2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

See the CVE page on Mitre.org for more details.

References