CVE-2023-3462 - OpenCVE

HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hashicorp	Vault
Redhat	Openshift Data Foundation

Configuration 1 [-]

OR	cpe:2.3:a:hashicorp:vault:::::-:::*
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault:1.14.0::::-:::
	cpe:2.3:a:hashicorp:vault:1.14.0::::enterprise:::

Package	CPE	Advisory	Released Date
RHODF-4.14-RHEL-9
odf4/rook-ceph-rhel9-operator:v4.14.0-71	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2023:6832	2023-11-08T00:00:00Z
RHODF-4.15-RHEL-9
odf4/odf-rhel9-operator:v4.15.0-19	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2024:1383	2024-03-19T00:00:00Z

References

Link	Providers
https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714
https://nvd.nist.gov/vuln/detail/CVE-2023-3462
https://www.cve.org/CVERecord?id=CVE-2023-3462

History

No history.

MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-07-31T22:40:23.432Z

Updated: 2024-08-02T06:55:03.557Z

Reserved: 2023-06-29T19:00:52.239Z

Link: CVE-2023-3462

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-31T23:15:10.360

Modified: 2023-08-04T16:50:04.120

Link: CVE-2023-3462

Redhat

Severity : Moderate

Publid Date: 2023-07-31T00:00:00Z

Links: CVE-2023-3462 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3462", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2023-06-29T19:00:52.239Z", "datePublished": "2023-07-31T22:40:23.432Z", "dateUpdated": "2024-08-02T06:55:03.557Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2023-07-31T22:40:23.432Z"}, "title": "Vault's LDAP Auth Method Allows for User Enumeration", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575 Account Footprinting"}]}], "affected": [{"vendor": "HashiCorp", "product": "Vault", "platforms": ["Windows", "MacOS", "Linux", "x86", "64 bit", "32 bit", "ARM"], "repo": "https://github.com/hashicorp/vault", "versions": [{"status": "affected", "version": "1.13.0", "lessThanOrEqual": "1.13.4", "versionType": "semver"}, {"status": "affected", "version": "1.14.0"}], "defaultStatus": "affected"}, {"vendor": "HashiCorp", "product": "Vault Enterprise", "platforms": ["Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit"], "versions": [{"status": "affected", "version": "1.13.0", "lessThanOrEqual": "1.13.4", "versionType": "semver"}, {"status": "affected", "version": "1.14.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."}]}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Jared Johnstone", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.557Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "DF8B4175-8E60-4169-9D10-FE924EB1516C", "versionEndExcluding": "1.13.5", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EBC19EB3-A5B0-4165-BB49-763953AC2369", "versionEndExcluding": "1.13.5", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:-:*:*:*", "matchCriteriaId": "3DFB14EC-487C-454C-A712-10085D897748", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DB12634A-9B34-44C0-AC11-11120295E3F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."}], "id": "CVE-2023-3462", "lastModified": "2023-08-04T16:50:04.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2023-07-31T23:15:10.360", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:6832", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/rook-ceph-rhel9-operator:v4.14.0-71", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2023-11-08T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-rhel9-operator:v4.15.0-19", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}], "bugzilla": {"description": "Hashicorp/vault: Vault\u2019s LDAP Auth Method Allows for User Enumeration", "id": "2228020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228020"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-203", "details": ["HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.", "A flaw was found in the HashiCorp Vault. The Vault and Vault Enterprise (\u201cVault\u201d) LDAP auth method allows unauthenticated users to potentially enumerate valid accounts in the configured LDAP system by observing the response error when querying usernames."], "name": "CVE-2023-3462", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-installer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/topology-aware-lifecycle-manager-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2023-07-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3462\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3462\nhttps://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"], "threat_severity": "Moderate", "upstream_fix": "vault 1.14.1, vault 1.13.5"}