5 matches found
CVE-2025-54998 OpenBao Userpass and LDAP User Lockout Bypass
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
CVE-2025-54998 OpenBao Userpass and LDAP User Lockout Bypass
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...
CVE-2025-6004
A flaw was found in github.com/hashicorp/vault. The user lockout feature for Userpass and LDAP authentication methods can be bypassed, allowing an attacker to circumvent account lockout restrictions. This circumvention occurs without requiring prior authentication or knowledge of user credentials...
CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass
Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
CVE-2025-6004 Vault Userpass and LDAP User Lockout Bypass
Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...