Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

CVE-2023-4680

6.8MEDIUM

Key Information

Vendor: Hashicorp
Status: Vault; Vault Enterprise
Vendor: CVE Published:; 15 September 2023

Summary

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.

Affected Version(s)

Vault < 1.14.3

Vault < 1.13.7

Vault < 1.12.11

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 15, 2023
Vulnerability Reserved.
Aug 31, 2023

Collectors

NVD DatabaseMitre Database