Fluid Attacks Database

Description

HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/hashicorp/vault	>=0 <1.11.9 \|\| >=1.12.0 <1.12.5 \|\| >=1.13.0 <1.13.1	1.11.9, 1.12.5, 1.13.1

Aliases

1. CVE-2023-250002. NVD-2023-250003. OSV-2023-250004. GCVE-2023-25000

References

1. https://github.com/hashicorp/vault/pull/194952. https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/520783. https://security.netapp.com/advisory/ntap-20230526-0008

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.