Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

Incorrect TLS certificate auth method in Vault

Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю обойти процесс аутентификации

Множественные уязвимости vault