4 matches found
Allocation of Resources Without Limits or Throttling
Overview github.com/hashicorp/vault/http is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HandlerFunc and ReKey related operations in http/handler.go and vault/core.go. An attacker can...
Brute Force
Overview Affected versions of this package are vulnerable to Brute Force due to validating the provided TOTP code during login MFA. An attacker can gain unauthorized access to sensitive data by bypassing internal rate limiting and reusing existing TOTP codes by including whitespace in the TOTP...
PT-2022-17174 · Hashicorp · Vault Enterprise +1
Name of the Vulnerable Software and Affected Versions: Vault and Vault Enterprise versions 1.8.0 through 1.8.8; Vault and Vault Enterprise version 1.9.3. Description: The issue allowed the PKI secrets engine to issue wildcard certificates to authorized users for a specified domain, even if the PKI...
PYSEC-2021-853
vault-cli is a configurable command-line interface tool and Python library to interact with HashiCorp Vault. In versions before 3.0.0, vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...