0.001 Low
EPSS
Percentile
38.7%
github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability is possible because the error messages returned by the LDAP auth methold allows user enumeration.
discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984
github.com/hashicorp/vault/blob/master/CHANGELOG.md#161