CVE-2021-28091
First published: Fri Jun 04 2021(Updated: )
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/lasso | 2.6.0-2+deb10u1 2.6.1-3 2.8.1-1 | |
| Entrovert Lasso | <2.7.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1940089
- https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
- https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
- https://git.entrouvert.org/lasso.git/commit/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a
- https://security-tracker.debian.org/tracker/CVE-2021-28091
- http://listes.entrouvert.com/arc/lasso/
- https://git.entrouvert.org/lasso.git/commit/?id=076a37d7f0eb74001127481da2d355683693cde9
- https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0
- https://lists.debian.org/debian-lts-announce/2021/06/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SI4YAQF4VEV2KHQ6OXXZL7CJK7IZQ3EG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSVWOHBBWLI2RB5C6TXINFEJRT4YSD3D/
- https://www.debian.org/security/2021/dsa-4926
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SI4YAQF4VEV2KHQ6OXXZL7CJK7IZQ3EG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSVWOHBBWLI2RB5C6TXINFEJRT4YSD3D/
Frequently Asked Questions
What is CVE-2021-28091?
CVE-2021-28091 is a vulnerability in Lasso versions prior to 2.7.0 that allows improper verification of a cryptographic signature.
How can this vulnerability be exploited?
This vulnerability can be exploited by an attacker to bypass cryptographic verification and potentially gain unauthorized access.
What is the severity of CVE-2021-28091?
The severity of CVE-2021-28091 is high with a CVSS severity score of 7.5.
Which software versions are affected by CVE-2021-28091?
Lasso versions prior to 2.7.0 are affected.
How do I fix CVE-2021-28091?
To fix CVE-2021-28091, it is recommended to upgrade to Lasso version 2.7.0 or newer.
- collector/security-tracker-debian
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/entrouvert
- canonical/entrovert lasso
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34