攻击者可以枚举出LDAP系统中的有效账户
官方漏洞通告:https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714
CVE-2023-3462:https://nvd.nist.gov/vuln/detail/CVE-2023-3462
HashiCorp Vault 安全漏洞:http://123.124.177.30/web/xxk/ldxqById.tag?CNNVD=CNNVD-202307-2326
1.13.0 <= Vault <= 1.13.4 Vault 1.14.0
Vault 1.14.1 Vault 1.13.5
扫一扫订阅