CNNVD-202508-813 Information

CNNVD ID

CNNVD-202508-813

CVE-2025-55001

  • CNNVD Published: 2025-08-09

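Description (translated from Chinese)

OpenBao is sensitive data management software open-sourced by OpenBao. OpenBao 2.3.1 and earlier versions contain a security vulnerability that stems from improper use of the username_as_alias parameter in the LDAP authentication method, which may allow MFA requirements to be bypassed.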

Description (English)

OpenBao is open-source software from OpenBao for managing sensitive data. OpenBao 2.3.1 and earlier versions have a security vulnerability that stems from improper use of the username_as_alias parameter in the LDAP authentication method, which may result in MFA requirements being bypassed.

Hazard Level

High

Vulnerability Type

Other

Published

2025-08-09

Last Modified

2026-02-24

References

  • https://discuss.hashicorp.com/t/hcsec-2025-20-vault-ldap-mfa-enforcement-bypass-when-using-username-as-alias/76092
  • https://github.com/openbao/openbao/commit/c52795c1ef746c7f2c510f9225aa8ccbbd44f9fc
  • https://github.com/openbao/openbao/security/advisories/GHSA-2q8q-8fgw-9p6p
  • https://access.redhat.com/security/cve/cve-2025-55001

Patch

https://github.com/openbao/openbao/releases
