2 matches found
Allocation of Resources Without Limits or Throttling
Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HandlerFunc and ReKey related operations in http/handler.go and vault/core.go. An attacker can start...
Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
Summary Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...