
4 matches found

Veracode
added 2025/08/29 12:22 p.m., 5 views

Authentication Bypass

github.com/openbao/openbao is vulnerable to Authentication Bypass. The vulnerability is due to using caller-supplied usernames as aliases without normalization when username_as_alias=true in the LDAP auth method, allowing bypass of MFA requirements...

CVSS 6.5 | AI score 6.7 | EPSS 0.00206
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/08/11 12:0 a.m., 5 views

The vulnerability of the LDAP protocol implementation in HashiCorp’s Vault and Vault Enterprise archiving platforms allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the LDAP protocol implementation in HashiCorp Vault and Vault Enterprise, a platform for archiving corporate information, is related to the improper handling of spaces when processing the username_as_alias parameter. Exploiting this vulnerability can allow an attacker to bypass...

CVSS 8.5 | AI score 5.5 | EPSS 0.00468
Exploits: 0 | References: 4 | Affected Software: 3
NVD
added 2025/08/06 10:15 a.m., 6 views

CVE-2025-6013

Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

CVSS 8.1 | EPSS 0.00468
Exploits: 0 | References: 1
OSV
added 2025/08/06 10:15 a.m., 2 views

CVE-2025-6013

Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...

CVSS 8.1 | AI score 6.5
Exploits: 0 | References: 1