Lucene search
+L

8 matches found

ibm
ibm
added 2026/05/21 7:39 p.m.12 views

Security Bulletin: Vault Terraform Provider Incorrect Defaults for LDAP Auth Method, Resulting in Insecure Configuration and Potential Authentication Bypass

Summary Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in...

9.8CVSS7AI score0.00503EPSS
Exploits0Affected Software1
veracode
veracode
added 2026/03/19 11:4 a.m.8 views

Authentication Bypass

github.com/hashicorp/terraform-provider-vault is vulnerable to Authentication Bypass. The vulnerability is due to the default denynullbind parameter being set to false in the LDAP auth method, which allows an attacker to authenticate using anonymous or unauthenticated binds when the LDAP server...

9.8CVSS6AI score0.00503EPSS
Exploits0References6Affected Software1
susecve
susecve
added 2025/12/12 12:49 a.m.30 views

SUSE CVE-2025-13357

Vault's Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

9.8CVSS7.1AI score0.00503EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/11/22 3:33 p.m.9 views

CVE-2025-13357

Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

9.8CVSS7.1AI score0.00503EPSS
Exploits0References1
euvd
euvd
added 2025/11/21 3:31 p.m.8 views

EUVD-2025-198491

Vault’s Terraform Provider incorrectly set default denynullbind parameter for LDAP auth method to false by default...

7.4CVSS6.4AI score0.00503EPSS
Exploits0References5
github
github
added 2025/11/21 3:31 p.m.11 views

Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default

Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

9.8CVSS7.1AI score0.00503EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2025/11/21 3:15 p.m.14 views

CVE-2025-13357

Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

9.8CVSS0.00503EPSS
Exploits0References1
hashicorp
hashicorp
added 2025/11/21 2:23 p.m.13 views

Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method

Summary Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication...

9.8CVSS6.2AI score0.00503EPSS
Exploits0Affected Software1
Rows per page
Query Builder