Merge pull request #519 from c00kiemon5ter/fix-aes-ctr-ecb-CVE-2017-1000246

Fix AES IV reuse - drop support for CTR and ECB - address CVE-2017-1000246
author: Ivan Kanakarakis <ivan.kanak@gmail.com> 2018-08-02 15:05:20 +0300
committer: GitHub <noreply@github.com> 2018-08-02 15:05:20 +0300
commit: 79d679883f0b198511ea5eeaaf53f1f625e8d938 (patch)
tree: 52e9bb0bd2dd016b76d9e1dcd89fbba8c1edae87 /src/saml2/authn.py
parent: d5e4e1b386306fb1e4118ae7bdf52a459328a18f (diff)
parent: 0e6aab4a3d6ae62c7f0791c7c4e85f93eba2958e (diff)
download: pysaml2-79d679883f0b198511ea5eeaaf53f1f625e8d938.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/saml2/authn.py b/src/saml2/authn.py
index 32f91247..049622e7 100644
--- a/src/saml2/authn.py
+++ b/src/saml2/authn.py
@@ -120,7 +120,7 @@ class UsernamePasswordMako(UserAuthnMethod):
         self.return_to = return_to
         self.active = {}
         self.query_param = "upm_answer"
-        self.aes = AESCipher(self.srv.symkey.encode(), srv.iv)
+        self.aes = AESCipher(self.srv.symkey.encode())
 
     def __call__(self, cookie=None, policy_url=None, logo_url=None,
                  query="", **kwargs):
author	Ivan Kanakarakis <ivan.kanak@gmail.com>	2018-08-02 15:05:20 +0300
committer	GitHub <noreply@github.com>	2018-08-02 15:05:20 +0300
commit	79d679883f0b198511ea5eeaaf53f1f625e8d938 (patch)
tree	52e9bb0bd2dd016b76d9e1dcd89fbba8c1edae87 /src/saml2/authn.py
parent	d5e4e1b386306fb1e4118ae7bdf52a459328a18f (diff)
parent	0e6aab4a3d6ae62c7f0791c7c4e85f93eba2958e (diff)
download	pysaml2-79d679883f0b198511ea5eeaaf53f1f625e8d938.tar.gz