CVE-2025-6013
06.08.2025, 10:15
Vault and Vault Enterprises (Vault) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.