HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 12 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published:

Updated: 2025-02-13T16:44:28.625Z

Reserved: 2023-02-01T17:54:13.893Z

Link: CVE-2023-25000

cve-icon Vulnrichment

Updated: 2024-08-02T11:11:43.500Z

cve-icon NVD

Status : Modified

Published: 2023-03-30T01:15:07.493

Modified: 2024-11-21T07:48:54.423

Link: CVE-2023-25000

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-03-30T00:00:00Z

Links: CVE-2023-25000 - Bugzilla

cve-icon OpenCVE Enrichment

No data.