CNNVD-202508-402 Information
CNNVD ID
CNNVD-202508-402
Related CVE
- CNNVD Published: 2025-08-06
Description (Chinese)
HashiCorp Vault和HashiCorp Vault Enterprise都是美国HashiCorp公司的产品。HashiCorp Vault是一款私钥访问管理工具。HashiCorp Vault Enterprise是一个企业信息归档平台。 HashiCorp Vault和HashiCorp Vault Enterprise存在安全漏洞,该漏洞源于ldap auth方法未正确执行MFA。
Description (English)
HashiCorp Vault and HashiCorp Vault Enterprise are products of HashiCorp in the United States. HashiCorpVault is a private key access management tool. HashiCorp Vault Enterprise is a corporate information archiving platform. HashiCorp Vault and HashiCorp Vault Enterprise had a security loophole, which stemmed from the incorrect implementation of MFA by the ldap auth method.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
HashiCorp
Published
2025-08-06
Last Modified
2026-02-24
References
https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092 https://access.redhat.com/security/cve/cve-2025-6013
Patch
https://developer.hashicorp.com/vault/docs/upgrade
Share on: