CVE-2021-21253

Source
https://cve.org/CVERecord?id=CVE-2021-21253
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21253.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-21253
Related
  • GHSA-wwg8-372v-v332
Published
2021-01-21T15:15:14.580Z
Modified
2026-04-11T23:33:54.088002Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system.

References

Affected packages

Git / github.com/bijaythapaa/onlinevotingsystem

Affected ranges

Type
GIT
Repo
https://github.com/bijaythapaa/onlinevotingsystem
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/bijaythapaa/onlinevotingsystem
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "212452195434257096603470516502289233056",
                "73329255946250630618081093600264128694",
                "187098038412025143098956115058253056312",
                "235195415626419296409184188578109839168",
                "262341477038192166744558564763495045222",
                "275392602481699689125381672191487932517",
                "291615757046721550400541188796565692004",
                "116879629892254368432378393888702462246",
                "225464278314727805145845043387581712075",
                "80236250736954727888333571137448944531",
                "39970225197738710931015399898272128549",
                "284449932936780086166933414824283218565",
                "319101400122733636937652875487425446784",
                "272585348991892610456234994872383823542"
            ]
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/dao/AdminDaoImpl.java"
        },
        "id": "CVE-2021-21253-29a28af5",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    },
    {
        "digest": {
            "length": 404.0,
            "function_hash": "18168086374023672965959149198473791123"
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/dao/AdminDaoImpl.java",
            "function": "loginValidate"
        },
        "id": "CVE-2021-21253-3a4025cc",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    },
    {
        "digest": {
            "length": 815.0,
            "function_hash": "126817065796937212646396074312883588385"
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/controller/AdminLoginController.java",
            "function": "doPost"
        },
        "id": "CVE-2021-21253-414913bb",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "29968344523966234173550873276909078046",
                "324379861840986839421355281341858432739",
                "15350045433493216449461445547568164046",
                "318137686080131927048000880373411017371",
                "132041460228286392914957780743324789072",
                "76165899041477529422312256863182511890",
                "210104400371544540932069674323258024224",
                "172976065521013842880530947402072433934",
                "193989442753706751075287134494754266758",
                "183184833455253544670732622587999229279",
                "27166981882235874102272398103760162008",
                "201984991132305696126896799158022738924",
                "163068511295681844612208653863267890103",
                "135949484278437387966798168795788279135",
                "159815133844737661829887584214694766305",
                "66524955179419261702387179545069147712",
                "43693651672511506419582617180681485734"
            ]
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/controller/SHA256.java"
        },
        "id": "CVE-2021-21253-5765b4dc",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    },
    {
        "digest": {
            "length": 1202.0,
            "function_hash": "85333574055589321818371283417222157128"
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/controller/VoterLoginController.java",
            "function": "doPost"
        },
        "id": "CVE-2021-21253-7335ee56",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "162009121668622759616190132015518028316",
                "112527160040764369364638176090907424125",
                "299784839238448491148507866430156240023",
                "230404672025667600425617129921822219171",
                "169502637324884175682078065991388829338",
                "233697051972054959726851792889351222590",
                "35740735474386558298778869688986725457",
                "116879629892254368432378393888702462246",
                "308597032098824762260774182013361828331",
                "210218282137635705937836557401734639615",
                "195956763152405560377500792188099223435",
                "331858245937313743346254137108486369880",
                "284449932936780086166933414824283218565",
                "300364352759043791297599166473635606494",
                "97039765081575105349624158598969226231"
            ]
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/dao/VoterDaoImpl.java"
        },
        "id": "CVE-2021-21253-89e0567a",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "177256075224938231141283468951948556907",
                "87865573336285270577663667855861507867",
                "168072990139486674482936604200739046592",
                "231149800523307706446487236299202059297",
                "49779932868808514152714337616319630571",
                "46716147473348969566381346954510605228",
                "116730718750434442780291126806484268795",
                "179140405192407889161249387626325814269",
                "263029390306910397830096951312660217180"
            ]
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/controller/VoterLoginController.java"
        },
        "id": "CVE-2021-21253-9e49b18d",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    },
    {
        "digest": {
            "length": 356.0,
            "function_hash": "29223079454175463237261552206449488727"
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/controller/SHA256.java",
            "function": "getSHA"
        },
        "id": "CVE-2021-21253-a0edfd12",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "14603902998491316686944014491576230830",
                "178663262463925637831470158350300174246",
                "97945146093040742397993474409592053409",
                "235999263202635200557210713782621979247",
                "191746679874689831793585314821306316586",
                "310861881438502720394300482502969761836",
                "189120075474401797787024997775901185225",
                "265046323092143721061350452136861532317",
                "263029390306910397830096951312660217180"
            ]
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/controller/AdminLoginController.java"
        },
        "id": "CVE-2021-21253-bdeb8214",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    },
    {
        "digest": {
            "length": 460.0,
            "function_hash": "142059448996882922407644847533337841365"
        },
        "target": {
            "file": "src/com/bijay/onlinevotingsystem/dao/VoterDaoImpl.java",
            "function": "loginValidate"
        },
        "id": "CVE-2021-21253-ccc556c5",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"
    }
]
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.1.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.1.2"
            }
        ]
    }
]
vanir_signatures_modified
"2026-04-11T23:33:54Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21253.json"