FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vault -- User Enumeration via LDAP auth

Affected packages
vault < 1.6.1

Details

VuXML ID cc1fd3da-b8fd-4f4d-a092-c38541c0f993
Discovery 2020-12-16
Entry 2020-12-17

Vault developers report:

Vault allowed enumeration of users via the LDAP auth method. This vulnerability, was fixed in Vault 1.6.1 and 1.5.6.

An external party reported that they were able to enumerate LDAP users via error messages returned by Vault’s LDAP auth method

[source]

References

CVE Name CVE-2020-35177
URL https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.