Count: 13
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. | CVSS3: 5.9 | 0% Low | more than 4 years ago |
| CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. | CVSS3: 5.9 | 0% Low | more than 4 years ago |
| CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. | CVSS3: 5.9 | 0% Low | more than 4 years ago |
| CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc | CVSS3: 5.9 | 0% Low | about 4 years ago |
| CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apa ... | CVSS3: 5.9 | 0% Low | more than 4 years ago |
| BDU:2022-01657 Vulnerability in the AES GCM encryption functionality of the mod_auth_openidc authentication and authorization module for the Apache 2.x HTTP server, allowing an attacker to gain access to confidential data | CVSS3: 5.9 | 0% Low | more than 4 years ago |
| openSUSE-SU-2021:3020-1 Security update for apache2-mod_auth_openidc | | | more than 4 years ago |
| openSUSE-SU-2021:1277-1 Security update for apache2-mod_auth_openidc | | | more than 4 years ago |
| SUSE-SU-2021:3020-1 Security update for apache2-mod_auth_openidc | | | more than 4 years ago |
| RLSA-2022:1823 Moderate: mod_auth_openidc:2.3 security update | | | more than 3 years ago |
| ELSA-2022-1823 ELSA-2022-1823: mod_auth_openidc:2.3 security update (MODERATE) | | | more than 3 years ago |
| SUSE-SU-2021:3352-1 Security update for apache2-mod_auth_openidc | | | more than 4 years ago |
| SUSE-SU-2025:4532-1 Security update for apache2-mod_auth_openidc | | | about 1 month ago |