CVE-2023-4680Reusing a Nonce, Key Pair in Encryption in Vault

CWE-323Reusing a Nonce, Key Pair in EncryptionCWE-20Improper Input Validation6 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
1.5%
top 18.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Hashicorp VaultHashicorp Vault EnterpriseGithub.com Hashicorp Vault
Timeline
PublishedSep 15
Latest updateAug 21

Description

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages4 packages

CVEListV5hashicorp/vault_enterprise1.14.01.14.3+3
CVEListV5hashicorp/vault1.12.01.12.11+1
NVDhashicorp/vault1.6.01.12.11+2
Gogithub.com/hashicorp_vault1.6.01.12.11+2

🔴Vulnerability Details

3
OSV
HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault2024-08-21
OSV
HashiCorp Vault Improper Input Validation vulnerability2023-09-15
GHSA
HashiCorp Vault Improper Input Validation vulnerability2023-09-15

📋Vendor Advisories

1
Red Hat
vault: HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault2023-11-06