CVE-2023-25000
30.03.2023, 01:15
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.Enginsight
| Vendor | Product | Version |
|---|---|---|
| hashicorp | vault | 𝑥 < 1.11.9 |
| hashicorp | vault | 𝑥 < 1.11.9 |
| hashicorp | vault | 1.12.0 ≤ 𝑥 < 1.12.5 |
| hashicorp | vault | 1.12.0 ≤ 𝑥 < 1.12.5 |
| hashicorp | vault | 1.13.0 ≤ 𝑥 < 1.13.1 |
| hashicorp | vault | 1.13.0 ≤ 𝑥 < 1.13.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-208 - Observable Timing DiscrepancyTwo separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
- CWE-203 - Observable DiscrepancyThe product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
References