CVE-2023-25000: Observable Timing Discrepancy in Vault

Severity
4.7 MEDIUM (NVD)
EPSS
0.0%
top 90.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 30
Latest update: Apr 12

Description

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups and was vulnerable to cache-timing attacks. An attacker with access to the host, and the ability to observe a large number of unseal operations on it through a side channel, may reduce the search space of a brute-force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
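
The weakness class described above, as an added Go illustration that is not Vault's code: a GF(2^8) multiply built on log/exp tables (memory reads indexed by secret bytes) beside a branch-free version with no secret-dependent lookups. The reduction polynomial 0x11B, the generator 0x03 and all function names are assumptions chosen for this example.

```go
package main

import "fmt"

// Constructed log/exp tables for GF(2^8); polynomial 0x11B and generator 0x03 are assumed.
var expTable, logTable [256]uint8

// xtime multiplies by 2; the reduction uses a mask instead of a branch.
func xtime(a uint8) uint8 { return (a << 1) ^ (0x1B & -(a >> 7)) }

func init() {
	x := uint8(1)
	for i := 0; i < 255; i++ {
		expTable[i], logTable[x] = x, uint8(i)
		x ^= xtime(x) // x = x * 0x03
	}
}

// multTable is the table-lookup pattern: the cache lines it touches, and the
// early return, depend on the secret operands a and b.
func multTable(a, b uint8) uint8 {
	if a == 0 || b == 0 {
		return 0
	}
	return expTable[(int(logTable[a])+int(logTable[b]))%255]
}

// multConstTime always runs 8 iterations and never indexes memory or
// branches on a or b, so its memory access pattern is operand-independent.
func multConstTime(a, b uint8) uint8 {
	var r uint8
	for i := 0; i < 8; i++ {
		r ^= a & -(b & 1) // add a when the low bit of b is set, via a mask
		a = xtime(a)
		b >>= 1
	}
	return r
}

// equivalent checks both multiplies over all 65536 operand pairs.
func equivalent() bool {
	for i := 0; i < 65536; i++ {
		if a, b := uint8(i>>8), uint8(i); multTable(a, b) != multConstTime(a, b) {
			return false
		}
	}
	return true
}

func main() { fmt.Println("implementations agree:", equivalent()) }
```
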

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.0 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | hashicorp/vault | 1.11.0 | 1.11.9 | +1
NVD | hashicorp/vault | 1.12.0 | 1.12.5 | +2
CVEListV5 | hashicorp/vault_enterprise | 1.13.0 | 1.13.1 | +3
Go | github.com/hashicorp_vault | 1.12.0 | 1.12.5 | +2

Vulnerability Details (3)

OSV: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault (2023-04-12)
OSV: HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks (2023-03-30)
GHSA: HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks (2023-03-30)

Vendor Advisories (1)

Red Hat: hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (2023-03-30)