5 matches found
Authentication Bypass
github.com/hashicorp/vault is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of the user lockout feature due to flaws in the Userpass and LDAP authentication methods that allow lockout bypass...
GO-2025-3854 OpenBao has a Timing Side-Channel in the Userpass Auth Method in github.com/openbao/openbao
OpenBao has a Timing Side-Channel in the Userpass Auth Method in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
BIT-VAULT-2025-6004 Vault Userpass and LDAP User Lockout Bypass
Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
GHSA-QGJ7-FMQ2-6CC4 Hashicorp Vault has Lockout Feature Authentication Bypass
Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
Hashicorp Vault has Lockout Feature Authentication Bypass
Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...