Количество 12
Количество 12
CVE-2021-32791
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.
CVE-2021-32791
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.
CVE-2021-32791
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.
CVE-2021-32791
CVE-2021-32791
mod_auth_openidc is an authentication/authorization module for the Apa ...
BDU:2022-01657
Уязвимость функционала шифрования AES GCM модуля аутентификации и авторизации для Apache 2.x HTTP server Mod_auth_openidc, позволяющая нарушителю получить доступ к конфиденциальным данным
openSUSE-SU-2021:3020-1
Security update for apache2-mod_auth_openidc
openSUSE-SU-2021:1277-1
Security update for apache2-mod_auth_openidc
SUSE-SU-2021:3020-1
Security update for apache2-mod_auth_openidc
RLSA-2022:1823
Moderate: mod_auth_openidc:2.3 security update
ELSA-2022-1823
ELSA-2022-1823: mod_auth_openidc:2.3 security update (MODERATE)
SUSE-SU-2021:3352-1
Security update for apache2-mod_auth_openidc
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. | CVSS3: 5.9 | 0% Низкий | около 4 лет назад |
 | CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. | CVSS3: 5.9 | 0% Низкий | около 4 лет назад |
 | CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. | CVSS3: 5.9 | 0% Низкий | около 4 лет назад |
 | CVSS3: 5.9 | 0% Низкий | больше 3 лет назад | |
| CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apa ... | CVSS3: 5.9 | 0% Низкий | около 4 лет назад |
 | BDU:2022-01657 Уязвимость функционала шифрования AES GCM модуля аутентификации и авторизации для Apache 2.x HTTP server Mod_auth_openidc, позволяющая нарушителю получить доступ к конфиденциальным данным | CVSS3: 5.9 | 0% Низкий | около 4 лет назад |
 | openSUSE-SU-2021:3020-1 Security update for apache2-mod_auth_openidc | почти 4 года назад | ||
| openSUSE-SU-2021:1277-1 Security update for apache2-mod_auth_openidc | почти 4 года назад | ||
| SUSE-SU-2021:3020-1 Security update for apache2-mod_auth_openidc | почти 4 года назад | ||
 | RLSA-2022:1823 Moderate: mod_auth_openidc:2.3 security update | около 3 лет назад | ||
| ELSA-2022-1823 ELSA-2022-1823: mod_auth_openidc:2.3 security update (MODERATE) | около 3 лет назад | ||
| SUSE-SU-2021:3352-1 Security update for apache2-mod_auth_openidc | почти 4 года назад |
Уязвимостей на страницу