OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse
Impact: OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One-Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes were accepted which could contain whitespace; this whitespace could bypass internal rate limiting of the M...
CVE-2025-6013
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...
Unable to Login to Web UI After Enabling MFA
Article Applicability: This article is regarding an issue that was discovered in Veeam Recovery Orchestrator build 7.2.1.286, which was available for download between 2025-07-08 and 2025-07-17. The issue documented in this article was discovered, confirmed, and patched and a new build was released...
After enabling MFA and FAS users may be unable to sign to Storefront published app with Anonymous account in other domain
After enabling MFA and FAS users may be unable to sign to Storefront published app with Anonymous account in other domain, with error "Incorrect Pin". Scenario: You may have Storefront, FAS (Federated Authentication Service) and VDAs in Domain A and there is another Domain B having StoreFront and its...