Timing Side-Channel in Vault’s Userpass Auth Method
Summary A timing side channel in Vault and Vault Enterprise’s “Vault” userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s userpass auth method. This vulnerability, identified as CVE-2025-6011, is...