CVE-2020-35177
https://notcve.org/view.php?id=CVE-2020-35177
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. HashiCorp Vault y Vault Enterprise 1.4.1 y más recientes permitieron la enumeración de usuarios por medio del método de autenticación LDAP. Corregido en versiones 1.5.6 y 1.6.1 • https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984 https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2020-35192
https://notcve.org/view.php?id=CVE-2020-35192
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. Las imágenes de docker de official vault versiones anteriores a 0.11.6, contienen una contraseña en blanco para un usuario root. El sistema que usa el contenedor de docker vault implementado por unas versiones afectadas de la imagen de docker puede permitir a un atacante remoto conseguir acceso root con una contraseña en blanco • https://github.com/koharin/koharin2/blob/main/CVE-2020-35192 • CWE-306: Missing Authentication for Critical Function •
CVE-2020-25816
https://notcve.org/view.php?id=CVE-2020-25816
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4. Las versiones 1.0 y posteriores de HashiCorp Vault y Vault Enterprise permitían que los contratos de arrendamiento creados con un testigo de lote sobrevivieran a su TTL porque el tiempo de caducidad no estaba programado correctamente. Corregido en las versiones 1.4.7 y 1.5.4 • https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154 https://www.hashicorp.com/blog/category/vault •
CVE-2020-16251 – vault: GCP Auth Method Allows Authentication Bypass
https://notcve.org/view.php?id=CVE-2020-16251
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. HashiCorp Vault y Vault Enterprise versiones 0.8.3 y posteriores, cuando son configuradas con el método de autenticación GCP GCE, pueden ser vulnerables a una omisión de autenticación. Corregido en las versiones 1.2.5, 1.3.8, 1.4.4 y 1.5.1 A flaw was found in Vault and Vault Enterprise (“Vault”). In affected versions of Vault, with the GCP Auth Method configured and under certain circumstances, the values relied upon by Vault to validate Google Compute Engine (GCE) VMs may be manipulated and bypass authentication. • http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 https://www.hashicorp.com/blog/category/vault https://access.redhat.com/security/cve/CVE-2020-16251 https://bugzilla.redhat.com/show_bug.cgi?id=2167340 • CWE-287: Improper Authentication •
CVE-2020-16250 – vault: Hashicorp Vault AWS IAM Integration Authentication Bypass
https://notcve.org/view.php?id=CVE-2020-16250
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.. HashiCorp Vault y Vault Enterprise versiones 0.7.1 y posteriores, cuando son configuradas con el método de autenticación AWS IAM, pueden ser vulnerables a una omisión de autenticación. Corregido en 1.2.5, 1.3.8, 1.4.4 y 1.5.1.. A flaw was found in Vault and Vault Enterprise (“Vault”). • http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 https://www.hashicorp.com/blog/category/vault https://access.redhat.com/security/cve/CVE-2020-16250 https://bugzilla.redhat.com/show_bug.cgi?id=2167337 • CWE-290: Authentication Bypass by Spoofing CWE-345: Insufficient Verification of Data Authenticity •