Описание
Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse
Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Пакеты
github.com/hashicorp/vault
< 1.20.1
1.20.1
Связанные уязвимости
Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Уязвимость платформ для архивирования корпоративной информации Vault Enterprise и Vault Community Edition, связанная с неправильной аутентификацией, позволяющая нарушителю обойти аутентификацию TOTP
