CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

IBM Security Bulletins•added 2026/05/21 7:39 p.m.•9 views

Security Bulletin: Vault Terraform Provider Incorrect Defaults for LDAP Auth Method, Resulting in Insecure Configuration and Potential Authentication Bypass

Summary Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in...

9.8CVSS7AI score0.00018EPSS

Exploits0Affected Software1

Veracode•added 2026/03/19 11:4 a.m.•4 views

Authentication Bypass

github.com/hashicorp/terraform-provider-vault is vulnerable to Authentication Bypass. The vulnerability is due to the default denynullbind parameter being set to false in the LDAP auth method, which allows an attacker to authenticate using anonymous or unauthenticated binds when the LDAP server...

9.8CVSS6AI score0.00018EPSS

Exploits0References6Affected Software1

SUSE CVE•added 2025/12/12 12:49 a.m.•7 views

SUSE CVE-2025-13357

Vault's Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

9.8CVSS7.1AI score0.00018EPSS

Exploits0References2

RedhatCVE•added 2025/11/22 3:33 p.m.•7 views

CVE-2025-13357

Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. Thi...

9.8CVSS7.1AI score0.00018EPSS

Exploits0References1