How severe is CVE-2021-32791?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2021-32791?

This is classified as CWE-323, which is a common weakness in software security.

CVE-2021-32791

MEDIUM Year: 2021

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-323

View all →

Vulnerability Description

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines.

CVE-2024-11022

MEDIUM

CVSS:5.6(Medium)

The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is therefore...

CWE-3232024

CVE-2023-37467

MEDIUM

CVSS:5.4(Medium)

Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could ...

CWE-3232023

CVE-2022-37660

MEDIUM

CVSS:6.5(Medium)

In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. An attacker that successfully bootstrapped public keys with another entity using PKEX in the past, w...

CWE-3232022

CVE-2023-28997

MEDIUM

CVSS:6.5(Medium)

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the c...

CWE-3232023

CVE-2025-46632

MEDIUM

CVSS:6.5(Medium)

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between clie...

CWE-3232025

CVE-2017-13078

MEDIUM

CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points t...

CWE-3232017

CVE-2021-32791

Vulnerability Description

Related Vulnerabilities

CVE-2024-11022

CVE-2023-37467

CVE-2022-37660

CVE-2023-28997

CVE-2025-46632

CVE-2017-13078