3 matches found
Improper Authentication
github.com/openbao/openbao is vulnerable to improper authentication. The vulnerability is due to unexpected normalization in the underlying TOTP library, which allows an attacker to reuse a valid TOTP code multiple times instead of only once...
GO-2025-3854 OpenBao has a Timing Side-Channel in the Userpass Auth Method in github.com/openbao/openbao
OpenBao has a Timing Side-Channel in the Userpass Auth Method in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
Information Disclosure
github.com/openbao/openbao is vulnerable to information disclosure. The vulnerability is due to improper handling of malformed data, which allows an attacker to potentially access sensitive information through exposed logs...