Описание
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.
EPSS
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.
HashiCorp Vault ldap auth method may not have correctly enforced MFA
Уязвимость реализации протокола LDAP платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
EPSS
6.5 Medium
CVSS3