Improper authentication in HashiCorp Vault



Published: 2022-10-12
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-41316
CWE-ID CWE-287
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Vault
Web applications / Modules and components for CMS

Vault Enterprise
Web applications / Modules and components for CMS

Vendor HashiCorp

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Authentication

EUVDB-ID: #VU68254

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41316

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the Certificate Revocation Lists (CRLs) implementation, which prevented Vault from denying access to users with revoked certificates without application reboot. As a result, when using TLS certificate authentication, Vault did not correctly perform CRL revocation checks if login occurred between Vault startup (or invalidation) and a manual retrieval of the CRL, allowing users to continue using the application with revoked certificates.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vault: 1.9.0 - 1.11.3

Vault Enterprise: 1.9.0 - 1.11.3

External links

http://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###