Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations

CVE-2023-25000

4.7MEDIUM

Key Information

Vendor: HashiCorp
Status: Vault; Vault Enterprise
Vendor: CVE Published:; 30 March 2023

Summary

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

Affected Version(s)

Vault < 1.13.1

Vault < 1.12.5

Vault < 1.11.9

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 30, 2023
Vulnerability Reserved.
Feb 1, 2023

Collectors

NVD DatabaseMitre Database

Credit

Giuseppe Cocomazzi