Количество 3
Количество 3
CVE-2025-55000
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected normalization in the underlying TOTP library. To work around, ensure that all codes are first normalized before submitting to the OpenBao endpoint. TOTP code verification is a privileged action; only trusted systems should be verifying codes.
CVE-2025-55000
OpenBao exists to provide a software solution to manage, store, and di ...
GHSA-f7c3-mhj2-9pvg
OpenBao TOTP Secrets Engine Code Reuse
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-55000 OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected normalization in the underlying TOTP library. To work around, ensure that all codes are first normalized before submitting to the OpenBao endpoint. TOTP code verification is a privileged action; only trusted systems should be verifying codes. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-55000 OpenBao exists to provide a software solution to manage, store, and di ... | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
| GHSA-f7c3-mhj2-9pvg OpenBao TOTP Secrets Engine Code Reuse | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
Уязвимостей на страницу