Описание
Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Пакеты
Наименование
github.com/hashicorp/vault
go
Затронутые версииВерсия исправления
>= 1.10.0, < 1.20.1
1.20.1
Связанные уязвимости
CVSS3: 5.7
redhat
5 дней назад
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
CVSS3: 5.7
nvd
5 дней назад
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.