Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

CVE-2023-2197

2.5LOW

Key Information

Vendor: HashiCorp
Status: Vault Enterprise
Vendor: CVE Published:; 1 May 2023

Summary

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2

Affected Version(s)

Vault Enterprise <= 1.13.1

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 1, 2023
Vulnerability Reserved.
Apr 20, 2023

Collectors

NVD DatabaseMitre Database