CVE-2023-4680

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*

History

26 Sep 2024, 17:15

Type Values Removed Values Added
CWE CWE-323

20 Sep 2023, 14:55

Type Values Removed Values Added
CWE CWE-20
First Time Hashicorp vault
Hashicorp
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8
CPE cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*
References (MISC) https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249 - (MISC) https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249 - Vendor Advisory

15 Sep 2023, 00:31

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-15 00:15

Updated : 2024-09-26 17:15


NVD link : CVE-2023-4680

Mitre link : CVE-2023-4680

CVE.ORG link : CVE-2023-4680


JSON object : View

Products Affected

hashicorp

  • vault
CWE
CWE-20

Improper Input Validation

CWE-323

Reusing a Nonce, Key Pair in Encryption