5 matches found
Improper Input Validation
github.com/hashicorp/vault is vulnerable to Improper Input Validation. The vulnerability is due to the transit secrets engine which allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. This could allow an attacker to potentially decrypt arbitrary...
CVE-2023-4680
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...
CVE-2023-4680
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...
Design/Logic Flaw
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...
Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
Summary The Vault and Vault Enterprise “Vault” transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive t...