CVE-2023-25000

Summary

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

Affected Software

VendorProductVersion RangeStatus
HashiCorpVault1.13.0 < 1.13.1affected
HashiCorpVault1.12.0 < 1.12.5affected
HashiCorpVault1.11.0 < 1.11.9affected
HashiCorpVault0 < 1.11.0affected
HashiCorpVault Enterprise1.13.0 < 1.13.1affected
HashiCorpVault Enterprise1.12.0 < 1.12.5affected
HashiCorpVault Enterprise1.11.0 < 1.11.9affected
HashiCorpVault Enterprise0 < 1.11.0affected

Weaknesses

  • CWE-208: CWE-208 Observable Timing Discrepancy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References