Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations
CVE-2023-25000

5MEDIUM

Key Information:

Vendor: Hashicorp
Status: Vault; Vault Enterprise
Vendor: CVE Published:; 30 March 2023

Summary

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

Affected Version(s)

Vault Enterprise Windows 1.13.0 < 1.13.1

Vault Enterprise Windows 1.12.0 < 1.12.5

Vault Enterprise Windows 1.11.0 < 1.11.9

References

https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulne...

https://security.netapp.com/advisory/ntap-20230526-0008/

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 30, 2023
Vulnerability Reserved
Feb 1, 2023

Credit

Giuseppe Cocomazzi