2 matches found
BIT-VAULT-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates
Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCredentials. An attacker can impersonate a trusted client by crafting a malicious certificate when a non-CA certificate is used as a trusted certificate. Remediation Upgrade...