{"id":"CVE-2021-21253","details":"OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables to crack passwords. This problem is fixed and published in version 1.1.2. A long randomly generated salt is added to the password hash function to better protect passwords stored in the voting system.","modified":"2026-04-11T23:33:54.088002Z","published":"2021-01-21T15:15:14.580Z","related":["GHSA-wwg8-372v-v332"],"references":[{"type":"ADVISORY","url":"https://github.com/dbijaya/OnlineVotingSystem/security/advisories/GHSA-wwg8-372v-v332"},{"type":"FIX","url":"https://github.com/dbijaya/OnlineVotingSystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bijaythapaa/onlinevotingsystem","events":[{"introduced":"0"},{"fixed":"0181cb0272857696c8eb3e44fcf6cb014ff90f09"}]},{"type":"GIT","repo":"https://github.com/bijaythapaa/onlinevotingsystem","events":[{"introduced":"0"},{"fixed":"0181cb0272857696c8eb3e44fcf6cb014ff90f09"}]}],"database_specific":{"vanir_signatures":[{"id":"CVE-2021-21253-29a28af5","target":{"file":"src/com/bijay/onlinevotingsystem/dao/AdminDaoImpl.java"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["212452195434257096603470516502289233056","73329255946250630618081093600264128694","187098038412025143098956115058253056312","235195415626419296409184188578109839168","262341477038192166744558564763495045222","275392602481699689125381672191487932517","291615757046721550400541188796565692004","116879629892254368432378393888702462246","225464278314727805145845043387581712075","80236250736954727888333571137448944531","39970225197738710931015399898272128549","284449932936780086166933414824283218565","319101400122733636937652875487425446784","272585348991892610456234994872383823542"]},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Line"},{"id":"CVE-2021-21253-3a4025cc","target":{"file":"src/com/bijay/onlinevotingsystem/dao/AdminDaoImpl.java","function":"loginValidate"},"signature_version":"v1","deprecated":false,"digest":{"length":404,"function_hash":"18168086374023672965959149198473791123"},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Function"},{"id":"CVE-2021-21253-414913bb","target":{"file":"src/com/bijay/onlinevotingsystem/controller/AdminLoginController.java","function":"doPost"},"signature_version":"v1","deprecated":false,"digest":{"length":815,"function_hash":"126817065796937212646396074312883588385"},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Function"},{"id":"CVE-2021-21253-5765b4dc","target":{"file":"src/com/bijay/onlinevotingsystem/controller/SHA256.java"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["29968344523966234173550873276909078046","324379861840986839421355281341858432739","15350045433493216449461445547568164046","318137686080131927048000880373411017371","132041460228286392914957780743324789072","76165899041477529422312256863182511890","210104400371544540932069674323258024224","172976065521013842880530947402072433934","193989442753706751075287134494754266758","183184833455253544670732622587999229279","27166981882235874102272398103760162008","201984991132305696126896799158022738924","163068511295681844612208653863267890103","135949484278437387966798168795788279135","159815133844737661829887584214694766305","66524955179419261702387179545069147712","43693651672511506419582617180681485734"]},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Line"},{"id":"CVE-2021-21253-7335ee56","target":{"file":"src/com/bijay/onlinevotingsystem/controller/VoterLoginController.java","function":"doPost"},"signature_version":"v1","deprecated":false,"digest":{"length":1202,"function_hash":"85333574055589321818371283417222157128"},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Function"},{"id":"CVE-2021-21253-89e0567a","target":{"file":"src/com/bijay/onlinevotingsystem/dao/VoterDaoImpl.java"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["162009121668622759616190132015518028316","112527160040764369364638176090907424125","299784839238448491148507866430156240023","230404672025667600425617129921822219171","169502637324884175682078065991388829338","233697051972054959726851792889351222590","35740735474386558298778869688986725457","116879629892254368432378393888702462246","308597032098824762260774182013361828331","210218282137635705937836557401734639615","195956763152405560377500792188099223435","331858245937313743346254137108486369880","284449932936780086166933414824283218565","300364352759043791297599166473635606494","97039765081575105349624158598969226231"]},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Line"},{"id":"CVE-2021-21253-9e49b18d","target":{"file":"src/com/bijay/onlinevotingsystem/controller/VoterLoginController.java"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["177256075224938231141283468951948556907","87865573336285270577663667855861507867","168072990139486674482936604200739046592","231149800523307706446487236299202059297","49779932868808514152714337616319630571","46716147473348969566381346954510605228","116730718750434442780291126806484268795","179140405192407889161249387626325814269","263029390306910397830096951312660217180"]},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Line"},{"id":"CVE-2021-21253-a0edfd12","target":{"file":"src/com/bijay/onlinevotingsystem/controller/SHA256.java","function":"getSHA"},"signature_version":"v1","deprecated":false,"digest":{"length":356,"function_hash":"29223079454175463237261552206449488727"},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Function"},{"id":"CVE-2021-21253-bdeb8214","target":{"file":"src/com/bijay/onlinevotingsystem/controller/AdminLoginController.java"},"signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["14603902998491316686944014491576230830","178663262463925637831470158350300174246","97945146093040742397993474409592053409","235999263202635200557210713782621979247","191746679874689831793585314821306316586","310861881438502720394300482502969761836","189120075474401797787024997775901185225","265046323092143721061350452136861532317","263029390306910397830096951312660217180"]},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Line"},{"id":"CVE-2021-21253-ccc556c5","target":{"file":"src/com/bijay/onlinevotingsystem/dao/VoterDaoImpl.java","function":"loginValidate"},"signature_version":"v1","deprecated":false,"digest":{"length":460,"function_hash":"142059448996882922407644847533337841365"},"source":"https://github.com/bijaythapaa/onlinevotingsystem/commit/0181cb0272857696c8eb3e44fcf6cb014ff90f09","signature_type":"Function"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.2"}]},{"events":[{"introduced":"0"},{"fixed":"1.1.2"}]}],"vanir_signatures_modified":"2026-04-11T23:33:54Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21253.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}