Lucene search
GoogleOSV:CVE-2023-3462HistoryJul 31, 2023 - 11:15 p.m.
CVE-2023-3462
2023-07-3123:15:10
Google
osv.dev
3
hashicorp
vault
ldap
vulnerability
fix
software
user enumeration
attacker
response
HashiCorp’s Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
Related
cgr
cgr
CVE-2023-3462 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-3462
2023-07-31 23:15:10
nvd
nvd
CVE-2023-3462
2023-07-31 23:15:10
github
github
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
2023-08-01 00:30:17
wolfi
wolfi
CVE-2023-3462 vulnerabilities
2024-06-26 09:08:30
redhatcve
redhatcve
CVE-2023-3462
2023-08-01 15:26:43
osv
osv
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
2023-08-01 00:30:17
BIT-vault-2023-3462
2024-03-06 11:08:58
prion
prion
Denial of service
2023-07-31 23:15:00
alpinelinux
alpinelinux
CVE-2023-3462
2023-07-31 23:15:00
cvelist
cvelist
CVE-2023-3462 Vault's LDAP Auth Method Allows for User Enumeration
2023-07-31 22:40:23
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-09-28 07:49:45
redhat
redhat