0.0004 Low
EPSS
Percentile
9.0%
vault is vulnerable to Inadequate Encryption Strength. Using a HSM in with the ‘CKM_AES_CBC_PAD’ or ‘CKM_AES_CBC’ encryption results in a padding oracle attack where the attacker could gain access to the vaults root key.
discuss.hashicorp.com/t/hcsec-2023-14-vault-enterprise-vulnerable-to-padding-oracle-attacks-when-using-a-cbc-based-encryption-mechanism-with-a-hsm/53322
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.18/community.yaml
security.netapp.com/advisory/ntap-20230609-0007/