CNNVD-202508-081 Information
CNNVD ID
CNNVD-202508-081
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
HashiCorp Vault Enterprise和HashiCorp Vault Community Edition都是美国HashiCorp公司的产品。HashiCorp Vault Enterprise是一个企业信息归档平台。HashiCorp Vault Community Edition是一款密钥管理工具。 HashiCorp Vault Enterprise和HashiCorp Vault Community Edition存在安全漏洞,该漏洞源于TOTP代码重用,可能导致安全验证绕过。
Description (English)
HashiCorpVault Enterprise and HashiCorpVault Community Equality are products of the United States company HashiCorp. HashiCorp Vault Enterprise is a corporate information archiving platform. HashiCorpVault Commission is a key management tool. There is a security loophole in HashiCorpVault Enterprise and HasiCorpVaultCommmunity Edition, which originates from the reuse of the TOTP code and may lead to a security clearance bypass.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
HashiCorp
Published
2025-08-01
Last Modified
2026-02-24
References
https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036
Patch
https://discuss.hashicorp.com/t/hcsec-2025-17-vault-totp-secrets-engine-code-reuse/76036
Share on: