CNNVD-202509-2479 Information
CNNVD ID
CNNVD-202509-2479
Related CVE
- CNNVD Published: 2025-09-16
Description (Chinese)
psPAS是Pete Maan个人开发者的一个PowerShell模块。 psPAS 7.0.209之前版本存在安全漏洞,该漏洞源于Get-PASSAMLResponse函数未强制使用TLS 1.2,可能导致中间人攻击。
Description (English)
PsPAS is a PowerShell module for Pete Maan personal developers. PsPAS 7.0.209 contains a security loophole which stems from the fact that the Get-PASSAMLResponse function does not enforce TLS 1.2, which may result in an attack by an intermediary.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-09-16
Last Modified
2026-02-24
References
https://github.com/pspete/psPAS/commit/2a8b1b4bc001bec9969ea512ed83386ed3e0b8f8#diff-e40bf02e86c8a8babbb20529ecaef6a069d8b5ea21701dca429dce78181109a7L37-R75 https://github.com/pspete/psPAS/releases/tag/v7.0.209 https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-258-01.json https://www.cve.org/CVERecord?id=CVE-2025-59270
Patch
https://github.com/pspete/psPAS/releases
Share on: