CNNVD-202508-810 Information
CNNVD ID
CNNVD-202508-810
Related CVE
-
CNNVD Published: 2025-08-09
Description
OpenBao is open-source sensitive data management software from OpenBao. OpenBao versions 2.3.1 and earlier contain a security vulnerability that stems from the TOTP library normalizing codes that contain whitespace, which may allow bypassing the internal rate limit and reusing existing MFA codes.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
OpenBao
Published
2025-08-09
Last Modified
2026-02-24
References
https://github.com/openbao/openbao/security/advisories/GHSA-rxp7-9q75-vj3p
https://discuss.hashicorp.com/t/hcsec-2025-19-vault-login-mfa-bypass-of-rate-limiting-and-totp-token-reuse/76038
https://github.com/openbao/openbao/commit/8340a6918f6c41d8f75b6c3845c376d9dc32ed19
https://access.redhat.com/security/cve/cve-2025-55003
Patch
https://github.com/openbao/openbao/releases