3 matches found
SUSE CVE-2025-13357
Vault's Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
GHSA-GMM6-J2G5-R52M Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default
Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...
PT-2025-47785
Name of the Vulnerable Software and Affected Versions Vault Terraform Provider versions prior to 5.5.0 Description The Vault Terraform Provider was configured with an insecure default setting for the LDAP auth method. Specifically, the deny null bind parameter defaulted to false, which could allo...