CNNVD-202508-808 Information

CNNVD ID

CNNVD-202508-808

CVE-2025-54998

  • CNNVD Published: 2025-08-09

Description (Chinese)

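OpenBao is an open-source sensitive data management software from OpenBao. OpenBao versions 0.1.0 through 2.3.1 contain a security vulnerability that stems from the user lockout mechanism of the Userpass or LDAP authentication systems being bypassable, which may lead to brute-force attacks.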

Description (English)

OpenBao is open-source software for managing sensitive data, developed by OpenBao. OpenBao versions 0.1.0 to 2.3.1 contain a security vulnerability: the user lockout mechanism of the Userpass or LDAP authentication systems can be bypassed, which can lead to brute-force attacks.

Hazard Level

High

Vulnerability Type

Other

Published

2025-08-09

Last Modified

2026-02-24

References

  • https://discuss.hashicorp.com/t/hcsec-2025-16-vault-userpass-and-ldap-user-lockout-bypass/76035
  • https://github.com/openbao/openbao/commit/c52795c1ef746c7f2c510f9225aa8ccbbd44f9fc
  • https://github.com/openbao/openbao/security/advisories/GHSA-j3xv-7fxp-gfhx

Patch

https://github.com/openbao/openbao/releases
