CVE-2021-21253
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Summary
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| dbijaya | OnlineVotingSystem | < 1.1.2 | affected |
Weaknesses
- CWE-759: CWE-759 Use of a One-Way Hash without a Salt
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/dbijaya/OnlineVotingSystem/security/advisories/GHSA-wwg8-372v-v332
- https://github.com/dbijaya/OnlineVotingSystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09
References
- https://github.com/dbijaya/OnlineVotingSystem/security/advisories/GHSA-wwg8-372v-v332
- https://github.com/dbijaya/OnlineVotingSystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.