{"id":"CVE-2021-20179","details":"A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.","modified":"2026-05-18T13:49:28.204930Z","published":"2021-03-15T13:15:14.887Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"32"},{"last_affected":"33"},{"last_affected":"34"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"10.0"}],"cpes":["cpe:2.3:a:redhat:certificate_system:10.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:certificate_system"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"},{"last_affected":"8.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914379"},{"type":"FIX","url":"https://github.com/dogtagpki/pki/pull/3474"},{"type":"FIX","url":"https://github.com/dogtagpki/pki/pull/3475"},{"type":"FIX","url":"https://github.com/dogtagpki/pki/pull/3476"},{"type":"FIX","url":"https://github.com/dogtagpki/pki/pull/3477"},{"type":"FIX","url":"https://github.com/dogtagpki/pki/pull/3478"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dogtagpki/pki","events":[{"introduced":"0"},{"fixed":"76eca860d5d87b78156d1478306e8efab0c2c9e1"},{"introduced":"19b6caa4ff33ccc2f1151822318630b27ea31847"},{"fixed":"0c65d43a5fa5997a8fd86fbfd05cd50a051bb254"},{"introduced":"c523b56ec57e56cf172d68e5bd4dabf7242ed95e"},{"fixed":"b047c13247fbc7a0d330b598ed87dfec0bb26cb7"},{"introduced":"f4b72edb5c703c0a8aae64ae07970407c83f656c"},{"fixed":"61297c6f97cb0e850a76307d1200b4a7c63f001c"},{"introduced":"40a2af930a238e42b0722f27deab58046255956f"},{"fixed":"6be3018aa3830fa72c7c40ca59d5df1a2661d29f"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"10.5.0"},{"introduced":"10.5.1"},{"fixed":"10.8.0"},{"introduced":"10.8.1"},{"fixed":"10.9.0"},{"introduced":"10.9.1"},{"fixed":"10.10.0"},{"introduced":"10.10.1"},{"fixed":"10.11.0"}],"cpe":"cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*"}}],"versions":["v10.11.0-alpha3","v10.10.1","v10.10.0-b1","v10.9.0","v10.9.0-b4","v10.9.0-b3","v10.9.0-b2","v10.9.0-b1","v10.9.0-a2","v10.9.0-a1","v10.8.2","v10.8.1","v10.8.0-b3","v10.8.0-b2","v10.8.0-b1","v10.8.0-a2","v10.8.0-a1","v10.7.2","v10.7.1","v10.7.0","v10.6.9","v10.6.8","v10.6.7","v10.6.6","v10.6.5","v10.6.4","v10.6.3","v10.6.2","v10.6.1","v10.6.0-rc","v10.6.0","v10.6.0-beta2","v10.6.0-beta","v10.5.3","v10.5.2","v10.5.1","DOGTAG_10_5_1_FEDORA_27","v10.4.8","DOGTAG_10_4_8_FEDORA_27","v10.4.7","DOGTAG_10_4_FEDORA_27_20170612","DOGTAG_10_4_FEDORA_27_20170605","v10.4.6","DOGTAG_10_4_FEDORA_27_20170530","v10.4.5","DOGTAG_10_4_FEDORA_27_20170522","v10.4.4","DOGTAG_10_4_FEDORA_27_20170509","v10.4.3","DOGTAG_10_4_FEDORA_27_20170501","v10.4.2","DOGTAG_10_4_FEDORA_27_20170413","v10.4.1","DOGTAG_10_4_FEDORA_27_20170331","v10.3.5","DOGTAG_10_3_5_FEDORA_24_20160808","v10.3.4","DOGTAG_10_3_4_FEDORA_24_20160705","v10.3.3","DOGTAG_10_3_3_FEDORA_24_20160620","v10.3.2","DOGTAG_10_3_2_FEDORA_24_20160607","v10.3.1","DOGTAG_10_3_1_FEDORA_24_20160517","v10.3.0","DOGTAG_10_3_0_FEDORA_24_20160516","DOGTAG_10_3_0_b1_FEDORA_24_BETA_20160418","DOGTAG_10_3_0_a2_FEDORA_24_ALPHA_20160407","DOGTAG_10_3_0_a1_FEDORA_24_ALPHA_20160307","DOGTAG_10_2_20150808","v10.2.6","DOGTAG_10_2_6_FEDORA_22_23_20150718","v10.2.5","DOGTAG_10_2_5_FEDORA_22_20150619","v10.2.4","DOGTAG_10_2_4_FEDORA_22_20150526","v10.2.3","DOGTAG_10_2_3_FEDORA_22_20150423","v10.2.2","DOGTAG_10_2_2_FEDORA_22_20150318","v10.2.1","DOGTAG_10_2_1_FEDORA_22_20150108","v10.2.0","pki-core-10.2.0-3","pki-core-10.2.1-0.1","DOGTAG_10_2_0_ALPHA_FEDORA_21_20140909","v10.1.0","DOGTAG_10_1_0_GA_FEDORA_20_20131121","DOGTAG_10_1_0_BETA_FEDORA_20_20131111","DOGTAG_10_1_0_BETA_20131111","v10.0.2","DOGTAG_10_0_2_FEDORA_18_19_20130507","DOGTAG_10_0_0_ALPHA_FEDORA_16_17_20120314"],"database_specific":{"vanir_signatures_modified":"2026-05-18T13:49:28Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20179.json","vanir_signatures":[{"id":"CVE-2021-20179-0e072b73","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java","function":"verifyIdentityProofV2"},"signature_version":"v1","signature_type":"Function","digest":{"length":3015,"function_hash":"54441090051344207658464347745658218676"}},{"id":"CVE-2021-20179-1e78e448","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java","function":"verifyIdentityProof"},"signature_version":"v1","signature_type":"Function","digest":{"length":829,"function_hash":"267018600434706295510743686978640798941"}},{"id":"CVE-2021-20179-268c442b","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java"},"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["119813781229324719465313604325063390269","206579920754492837520605722674312188420","31471128647666411309927597957641968389","236593227366929023468853601517933302588"],"threshold":0.9}},{"id":"CVE-2021-20179-4d06a761","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/authentication/SharedSecret.java","function":"getSharedToken"},"signature_version":"v1","signature_type":"Function","digest":{"length":53,"function_hash":"12689657080330388549508721726172619013"}},{"id":"CVE-2021-20179-57c99527","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java","function":"parseCMC"},"signature_version":"v1","signature_type":"Function","digest":{"length":10854,"function_hash":"14311530824467759106340831820783250661"}},{"id":"CVE-2021-20179-60a5257c","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java"},"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["50144740268872901546136653841520583177","157364451672809884236380347927282077634","286762480023792017995463183207496472328","137513397201890692704452698109573539717","54271539251415235809337371228940753959","309458631363004085951422150991746675258","71503426634761926329883259007057384172","100450703639452172375077118784693471768","185835210118615544719982733345860748853","323697539945578420401655401602005157002","188503033638314928927138920549815677178","214581713375578823003313357546228527745","114914276076095433563029652036109798336","262711987658178949980891729485104824811","257883204061265672379817241921416043568","24707254884296723604763332112163303457","161161174502385851485937006415582749115","123132503857464606356865965461202562359","105804241195163931573106156640193574404","23656071757665765726709527721861361317","265094617384277724864081164491128085764","244398265112699885350560316147978529416","33215573704021033201110354447348235652","196404215315973092989303383189873195084","267532530041463613252806521376931794529","209648221920670521511055588884310052387","301512705665494368527148634045170792800","103694432522112642664342482391048141244","192292217185827076556157486985066711430","156311962408448250793023456567689400029","122878366457563782800986425178346380200","9864411241884671399447032718777930731","274731201829344058397830329142725972736","336418381420163807704055368209052550618","118881558664310293864279327064474115395","244398265112699885350560316147978529416","33215573704021033201110354447348235652","196404215315973092989303383189873195084","267532530041463613252806521376931794529","192766215898889730021493303869599686912","330986097576157884324815935760977256585","139362054834113592051940966138013100440","241134828259685449172865651230173883751","244398265112699885350560316147978529416","33215573704021033201110354447348235652","196404215315973092989303383189873195084","267532530041463613252806521376931794529","123721251436716656669036209524643212488","338514760006221142751033281873476219464","35608510172827457835914000442235156765","267532530041463613252806521376931794529","244398265112699885350560316147978529416","33215573704021033201110354447348235652","196404215315973092989303383189873195084","267532530041463613252806521376931794529"],"threshold":0.9}},{"id":"CVE-2021-20179-85af8634","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/authentication/SharedSecret.java","function":"getSharedToken"},"signature_version":"v1","signature_type":"Function","digest":{"length":53,"function_hash":"12689657080330388549508721726172619013"}},{"id":"CVE-2021-20179-89f19320","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/authentication/SharedSecret.java","function":"getSharedToken"},"signature_version":"v1","signature_type":"Function","digest":{"length":53,"function_hash":"12689657080330388549508721726172619013"}},{"id":"CVE-2021-20179-d007f827","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java","function":"processRevokeRequestControl"},"signature_version":"v1","signature_type":"Function","digest":{"length":9656,"function_hash":"94658207559501344702699919584237026986"}},{"id":"CVE-2021-20179-d2ee1191","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/authentication/SharedSecret.java"},"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["40543520480285361036539646410038733761","322032398141534520799546586689609336359","46886620083830573160383508621173920516","97284293869157049197856153008923772401","266900006614232023223387233289339380813","41027890830023762814008282449752983961","111354172753204167009147910873213388338","184555203992817163265883806226029989386","100490924935808709465894471637372409280","157152284460672020540227771512934965967","155142603302352475479865365358847571566","221952727816058612343788280605687244295","70989293930921670820435380612273921945","146237705984622802142744974023505748300"],"threshold":0.9}},{"id":"CVE-2021-20179-d602d2a1","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java","function":"verifyPOPLinkWitness"},"signature_version":"v1","signature_type":"Function","digest":{"length":4171,"function_hash":"111801778379045295498133402246480541998"}},{"id":"CVE-2021-20179-d8114c2f","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java"},"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["163835842624781851739181320421040215129","265875468282026093727255952513226828390","209102383531827590460847278479814323049","182316408652740175600242013118786370975","278046553589849576516931702707368109910","86028493144529377736739411061103010241","171198369597291849209618054552954124173","284392829812720329494699497690181617287","67499473274737491505648515351428715217","30193726965232511532594495139232108022","3629729629047234585115427899292537922","134332525048136160939394749592903139764","81161717364690787297930105459746258508","269392733657291065880830972624127817653","225860176437471810647406136693567028001","39779913459784007126306716519928452895","188698201778610910063817353351759557092","14404776855260631664680515681637477491","99378878044714875427914106561257901152","173379735910542132840489802265438670201","32291026433108107253148568013595179081","200214202728817306323379053459123350635","22304483177027485545900769922129222663","311090135474545892769497642648526323381","12425037541972439151899000449509934257","6771664669985811192980285030486295375","164341568488217941451999977285098118399","248464425685485258248379522558043852515","223827585546454875134223437677823975099","303711474199398221697516750158549814845","188212213911419429505301025033209891240","284260655329569781144525243671321009799","81150106811507441343044557683340366814","167020543777571911603092342804119077123","69964463990909638200156974638889780755","247881134038911712807116126304545780534","183861919522288618511771048541520629292","27621150179471996960634266908173230329","181920715127620437739178262164188008540","126115122399690201426718650376584636359","182475809366116504409062933771655734081","280074662233799684560148110250837705963","138714835252680550953272158586528478128","330272039751844899701044824700770996435","17310609658228987385845136063127115882","58348755128184205719806981283760507634","303711474199398221697516750158549814845","188212213911419429505301025033209891240","284260655329569781144525243671321009799","81150106811507441343044557683340366814","167020543777571911603092342804119077123","69964463990909638200156974638889780755","136448609178206497140496561158490051959","129485178381517745178676049366629197845","40760792347920281043931772270927714148","62469226118349430158949424464958440100","89812713404785594966162343316855776670","324438994247380312015649271039653635107","269806947251368483827661079309776957454","247128680990419752453666972654738888597","142216477827848865708896225206597623550","129244676144747966278269234567221201472","143121362268867898787498719609851649249","292341732921394426624114066835744693036","256420741915177142533598164674056994623","44603911492258006105838587662161251544","169198212935284010246227494904470202506","101521285141261538414284793309757418264","142646645035670939983719684956039336393","103472734126665603748011102635443036665","33996475952153791004194958304445115269","129746748653360315789558498214966478067","258263505757579088334908426956793454642","92295668062533292458723089333790410935","150673452980281351467069455289685366304","298923929779462677482207645866514282481","260609637900324946451912009204555312925","77375614963883025703376678885873749516"],"threshold":0.9}},{"id":"CVE-2021-20179-f3ef3436","source":"https://github.com/dogtagpki/pki/commit/76eca860d5d87b78156d1478306e8efab0c2c9e1","deprecated":false,"target":{"file":"base/common/src/com/netscape/certsrv/authentication/ISharedToken.java"},"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["46158336906357841741512425187361986031","190845056726524464162345985391662095895","65201681009416908667148910607291092551","63062489232850265668719462466355053669","222093830415502826019611763240493470585"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}