2 matches found
CVE-2025-54999
CVE-2025-54999 affects OpenBao (versions 0.1.0–2.3.1) via the userpass authentication method, enabling user enumeration due to timing differences between non-existent users and those with credentials. This timing side-channel is independent of credential validity. The issue is fixed in version 2....
OpenBao has a Timing Side-Channel in the Userpass Auth Method
Impact When using OpenBao's userpass auth method, user enumeration was possible due to timing difference between non-existent users and users with stored credentials. This is independent of whether the supplied credentials were valid for the given user. Patches OpenBao v2.3.2 will patch this issu...