diff options
author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2018-08-02 15:05:20 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-02 15:05:20 +0300 |
commit | 79d679883f0b198511ea5eeaaf53f1f625e8d938 (patch) | |
tree | 52e9bb0bd2dd016b76d9e1dcd89fbba8c1edae87 /src/saml2/authn.py | |
parent | d5e4e1b386306fb1e4118ae7bdf52a459328a18f (diff) | |
parent | 0e6aab4a3d6ae62c7f0791c7c4e85f93eba2958e (diff) | |
download | pysaml2-79d679883f0b198511ea5eeaaf53f1f625e8d938.tar.gz |
Merge pull request #519 from c00kiemon5ter/fix-aes-ctr-ecb-CVE-2017-1000246
Fix AES IV reuse - drop support for CTR and ECB - address CVE-2017-1000246
Diffstat (limited to 'src/saml2/authn.py')
-rw-r--r-- | src/saml2/authn.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/saml2/authn.py b/src/saml2/authn.py index 32f91247..049622e7 100644 --- a/src/saml2/authn.py +++ b/src/saml2/authn.py @@ -120,7 +120,7 @@ class UsernamePasswordMako(UserAuthnMethod): self.return_to = return_to self.active = {} self.query_param = "upm_answer" - self.aes = AESCipher(self.srv.symkey.encode(), srv.iv) + self.aes = AESCipher(self.srv.symkey.encode()) def __call__(self, cookie=None, policy_url=None, logo_url=None, query="", **kwargs): |