vault -- User Enumeration via LDAP auth
Vault developers report:
Vault allowed enumeration of users via the LDAP auth method. This vulnerability, was fixed in Vault 1.6.1 and 1.5.6.
An external party reported that they were able to enumerate LDAP users via error messages returned by Vault’s LDAP auth method
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright