Timing Side-channel Attacks
github.com/hashicorp/vault is vulnerable to Timing Side-channel Attacks. The vulnerability is due to differences in response timing in the Userpass auth method, which allows an attacker to distinguish between valid and invalid usernames and potentially enumerate existing accounts...
Improper Handling of Case Sensitivity
Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the pathLoginAliasLookahead implementation. An attacker can gain unauthorized access and bypass authentication restrictions by leveraging inconsistent case-sensitivity checks. Remediation Upgrad...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via pathLogin. An attacker can determine whether a username exists by measuring response times. Remediation Upgrade github.com/hashicorp/vault/builtin/credential/userpass to version 1.20.1 or higher. References - GitHub...
CVE-2025-6011
A timing side channel in Vault and Vault Enterprise’s “Vault” userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise...
CVE-2025-6011 Timing Side-Channel in Vault’s Userpass Auth Method
A timing side channel in Vault and Vault Enterprise’s “Vault” userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise...
CVE-2025-6004
CVE-2025-6004 describes a bypass of Vault’s user lockout feature for Userpass and LDAP authentication. Root cause details are not fully enumerated in the provided docs, but fixes are stated: Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23 address the issue...