CVE-2021-32791
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-32791
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32791.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-32791
- Downstream
- Related
- Published
- 2021-07-26T17:15:08Z
- Modified
- 2025-11-03T04:12:14.526375Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.
- References
-
- https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c
- https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9
- https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXAWKPT5LXZSUTFSJ6IWSZC7RMYYQXQD/
Affected packages
Git / github.com/apache/httpd
Git / github.com/openidc/mod_auth_openidc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openidc/mod_auth_openidc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
2.*
2.3.11rc1
v1.*
v1.5
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9
v2.*
v2.0.0
v2.0.0rc1
v2.0.0rc4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.2.0
v2.3.0
v2.3.0rc0
v2.3.0rc3
v2.3.1
v2.3.10
v2.3.10.1
v2.3.10.2
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.0.1
v2.4.0.2
v2.4.0.3
v2.4.0.4
v2.4.1
v2.4.2
v2.4.2.1
v2.4.3
v2.4.4
v2.4.4.1
v2.4.5
v2.4.6
v2.4.7
v2.4.7.1
v2.4.7.2
v2.4.8.1
v2.4.8.2
v2.4.8.3
v2.4.8.4
Database specific
vanir_signatures
[
{
"source": "https://github.com/openidc/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c",
"target": {
"function": "oidc_cache_crypto_encrypt",
"file": "src/cache/common.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-32791-3410a732",
"signature_type": "Function",
"digest": {
"function_hash": "250562795330335019704681508981657810738",
"length": 1022.0
}
},
{
"source": "https://github.com/openidc/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c",
"target": {
"function": "oidc_cache_crypto_decrypt",
"file": "src/cache/common.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-32791-46f4b063",
"signature_type": "Function",
"digest": {
"function_hash": "253291170206590963414822622960361785398",
"length": 1008.0
}
},
{
"source": "https://github.com/openidc/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c",
"target": {
"function": "oidc_cache_hash_passphrase",
"file": "src/cache/common.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-32791-553199b1",
"signature_type": "Function",
"digest": {
"function_hash": "92559305399557349051024400105335262763",
"length": 401.0
}
},
{
"source": "https://github.com/openidc/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c",
"target": {
"function": "oidc_cache_set",
"file": "src/cache/common.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-32791-7c79f001",
"signature_type": "Function",
"digest": {
"function_hash": "50824039619987814630976910488863822291",
"length": 1242.0
}
},
{
"source": "https://github.com/openidc/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c",
"target": {
"function": "oidc_cache_crypto_decrypt_impl",
"file": "src/cache/common.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-32791-b09aaed3",
"signature_type": "Function",
"digest": {
"function_hash": "176896071813901854226229414800413303095",
"length": 1392.0
}
},
{
"source": "https://github.com/openidc/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c",
"target": {
"function": "oidc_cache_crypto_encrypt_impl",
"file": "src/cache/common.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-32791-d011d3db",
"signature_type": "Function",
"digest": {
"function_hash": "260838582536566669801506875545538336068",
"length": 1357.0
}
},
{
"source": "https://github.com/openidc/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c",
"target": {
"function": "oidc_cache_get",
"file": "src/cache/common.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-32791-d89c75c5",
"signature_type": "Function",
"digest": {
"function_hash": "191306385702304762739582899165071079665",
"length": 1215.0
}
},
{
"source": "https://github.com/openidc/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c",
"target": {
"file": "src/cache/common.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-32791-dd64ec79",
"signature_type": "Line",
"digest": {
"line_hashes": [
"156255299053112132762825430703316685951",
"185322592414925009870069742229243925281",
"53077520254561320782236454456918075650",
"254083255781670708536352374402204558354",
"309705482797698645281036614972150766612",
"55596712159067281806908116373566538977",
"84194749974628692869610081683736835521",
"165082338396806535767783375325166712491",
"228432075416671078617478664271417844586",
"191981506873061424291028388386391452137",
"205188685741364318779881990275770020336",
"316419983629328583114539586127423720370",
"311710907834770073962670615904202742590",
"270073058618608343218324127931830520580",
"138765397666076883972120750158076296892",
"244332763180239870671873805361981494663",
"300737313482164176804694803115580284903",
"238801984068005562838700130738979606645",
"138071990061186975927139445381290948950",
"259409784909711448242533626166111232754",
"73138705246083704374596506765049971632",
"177236131095428911212035955905038567509",
"22798411808482757467429707341782841184",
"153187384264951755713272029343660758854",
"234708831839674554995417639633134429645",
"97656718973528419498363433997672785125",
"51242457202506791262137908173213209662",
"198027294770867711374492104184935191240",
"80868086533319287985849148989544490014",
"46368458574390256871403767342170195242",
"305880151762903202189229001346931335009",
"82974136985871116221968187965535929127",
"130062306459255247634997894165593173138",
"89019374499921317236331394997350886848",
"314002807482099249436170259679197952385",
"132380489555540993166853155187532881021",
"322432942619653871755104958929373553995",
"259610954863542919056704193535718531392",
"324191877213770532430056140983706237187",
"53383834391029722230732632049727023154",
"114387955504679482013840692972064713848",
"280378827662732245948463272096552034615",
"203996651793267496415451604780220988197",
"293326475122764766260644978888108293722",
"95729155691427145684339468703153563168",
"245723954451457860889408282434054373636",
"115943576989866641670493706107413173586",
"236568710890346818824847308900736135936",
"328377700892884975336616739288968901693",
"30973060583518789268000972351659584596",
"32053057207480748183225093597615470773",
"162340190057482888003137666960454809063",
"47146610669871313358843590766378724675",
"121257360076279913431622994110345007724",
"177279646214215416488218712767986179993",
"171546736445558953101849600662931211756",
"48717214881218353481460509844269438176",
"274199032952300622984721613388704048206",
"237130047246986339797716806874535256998",
"313045581465844685793173706417468348973",
"323938763407312416072374703961615642336",
"138765397666076883972120750158076296892",
"179021268317662932767539471728071399703",
"324810305206288551572737972225144765161",
"196207910761685844419776034502131067922",
"99214296289839573948641986879161611978",
"181210774179821199455689550857917081822",
"73138705246083704374596506765049971632",
"177236131095428911212035955905038567509",
"22798411808482757467429707341782841184",
"273986279088130521633017444225678510150",
"314263628720835063468260579140147328126",
"178813311421197209317072016097923494974",
"143873146936613498137960863036359229722",
"203715353371403376813695884763466604190",
"84425043420407738705951521414416376018",
"114321257168265669991991562885158585043",
"177661523318807723927793893372656869941",
"82974136985871116221968187965535929127",
"267020731388996753184654188027805998956",
"95675083945555218329235750495416802178",
"91281501756069869219357338600675578611",
"251436727255526947383912453373739341094",
"86736183212505594516515948252001820934",
"185820299094294138319837208074039466261",
"117767176230266335329757578349304777297",
"304309579774504136860325387697859945116",
"235077689107710489444333963504948040097",
"115943576989866641670493706107413173586",
"178833977551813297628572917353412508528",
"283007344168748427212877960911516846248",
"81322756089128139711197852553800192157",
"146166316099635626901933722042625945840",
"19375195380225878589981173916950095945",
"306764790122684195755536818738449794374",
"143473923512351953000835025819580460932",
"219918108354817816131577267692347409021",
"305008275453871914384847731849684867239",
"271734265648167322391392687390881126030",
"288158354002000898471703494893002776358",
"287501850322777688808828095357270606887",
"271993161305591042065111199585692787711",
"202849444701857101156506562090229155551",
"222530814494381549727197926042021112453",
"336117438746694390551409458528333340472",
"36557650504945223163325635937308271647",
"212197518205525887293162166189643666555",
"14784282809329029709119730525844231133",
"260176515667011240000757008518488315070",
"157292760012261719827299418547174991839",
"25729069699896415045081174686752951209",
"163195046734169846524590459271239901910",
"137275941152841539402810957254504423444",
"228550037123715063894460863578371212890",
"175042122345452822417388964727334243450",
"246433797705758489959633535565609139057",
"29025851836674290808864752459967329033",
"274314788340541785678938008475746684669",
"59701318902070282612588018106700441525",
"58170460660986822379666441162675999754",
"336639650282290500040268905661720950332",
"150855182980544184518145085698278708497",
"214299401321645115811199823543088507945",
"310895999707247267231641501706901721453",
"309253957919172556550589572273854087767",
"179940984525260183442130975464073211470",
"192471994038102284919894870262102670828",
"55124859756815677150913944727755851251",
"32947196513718841680853484668746031990",
"120369357079827996010447062080773437228",
"124790436746860775234890363684953623788",
"300902328261019738144554051477834001050",
"188341716053790642162499271155991792245",
"311601661279178601871761169935069410043",
"309679747613813734959786711242906088579",
"265385428548396502206694659555296784732",
"149029695148744732399590320257344728573",
"247546088238601544072053656992701940727",
"177999829571181083172904626586024140255",
"174709420379309456293207700957998264119",
"257095437694711076023426478486175571895",
"112858089363619379363049024627870940162",
"265552441252624724999559024793892565289",
"242027663179629251001183686536210570192",
"94094832206342472030443059238186210308",
"221999485828388373779050376092529821423",
"345056343527617326979729894228745516",
"23384767702050693418708274746118604573",
"294348920675214431865169042858078146588",
"33893954883833251117728074751273231512",
"193474062961431651982352860151493739498",
"10367704454035058052106491587507404989",
"81856479111069059516291474039158055590",
"244662673701351858712566981365946129652",
"315685382776965195265456549100834903254",
"273339387013300340995948591319434145560",
"280775413612433996582589722032924931996",
"167084860716988408737267124957575204613",
"77293621828517668845180878031115258444",
"130717820849760010136541191818035038658",
"27096666673301751355656568763214285709",
"143518177815869853396915484595329372174",
"209347392112805043778297463263768550625",
"267838456551841246928457283525050318943",
"122790786193497619639323968044031303296",
"300427781318550251026411708842414678209",
"211875299269214495200244449351432868335",
"201869273277298355807783989755294843884",
"140566006237809142175797415761922379980",
"143472556069293780384827232790043821025",
"30907675188096213550587303178631308135",
"3018200365705476605301182116554601993",
"6420698597928211904023905589700018327",
"4837903225659652994195057726413603756",
"69525278581386573656809325595102475467",
"325035940259067012504222201895847386103",
"311076769045797049163895009707638937826",
"86464905528834507614831290596024761271",
"246768602825653831206553748305897171181",
"86581943982539732380777537330213171379",
"327867292626799737776852731001696956510",
"271302530594332220157473755058955561656",
"45780866610219483222391657253722135178",
"188707219644572020049444330752623766405",
"160623757648229900260145248064962663049",
"297609638882992040082083692645027411572",
"158762335211648551940359522845606898975",
"303489669007547327707305747243946164552",
"334087797540359583226625728866182353743",
"39456851190398403873336383536361689848",
"5061869216630355881703523949798831773",
"164626675210803499492045307372711140616",
"4690441673581269876355375338999005532",
"15613556383921681392927587028246834110",
"47982920697339794782163443690033108042",
"202675862216766258252345687695578894212",
"75864251001848929021535781604510667505",
"314703375081631966549474215970673234553",
"173037247205717303652133944661148772387",
"329243072330259438500205364650830114156",
"267702587742755581392400240582507191573",
"313725410371641276062868119392461527964",
"71684941468643183913431112031536192984",
"253581847142487442144932972536058580897",
"265782079289039989211817996059054698194"
],
"threshold": 0.9
}
}
]