#VU88186 Improper Certificate Validation in Vault and Vault Enterprise - CVE-2024-2660

Cybersecurity Help s.r.o.

Published: 2024-04-05

Vulnerability identifier: #VU88186

Vulnerability risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-2660

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vault
Web applications / Modules and components for CMS
Vault Enterprise
Web applications / Modules and components for CMS

Vendor: HashiCorp

Description

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to the TLS certificates auth method does not correctly validate OCSP responses when one or more OCSP sources were configured. A remote attacker can successfully authenticate via Vault’s TLS certificate authentication method with incorrect certificate status information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vault: 1.14.0 - 1.16.0

Vault Enterprise: 1.14.0 - 1.16.0

External links
https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Cloud Pak for AIOps

TLS authentication bypass in HashiCorp Vault and Vault Enterprise