CVE-2023-4680: HashiCorp Vault Transit Engine Nonce Bypass (1.61.14.3)
CVE-2023-4680 Published on September 15, 2023
Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
Weakness Type
Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once.
Products Associated with CVE-2023-4680
Want to know whenever a new CVE is published for HashiCorp Vault? stack.watch will email you.
Affected Versions
HashiCorp Vault:- Version 1.14.0 and below 1.14.3 is affected.
- Version 1.13.0 and below 1.13.7 is affected.
- Version 1.12.0 and below 1.12.11 is affected.
- Version 1.6.0 and below 1.12.0 is affected.
- Version 1.14.0 and below 1.14.3 is affected.
- Version 1.13.0 and below 1.13.7 is affected.
- Version 1.12.0 and below 1.12.11 is affected.
- Version 1.6.0 and below 1.12.0 is affected.
- Version 1.14.0 and below 1.14.3 is affected.
- Version 1.13.0 and below 1.13.7 is affected.
- Version 1.12.0 and below 1.12.11 is affected.
- Version 1.6.0 and below 1.12.0 is affected.
- Version 1.14.0 and below 1.14.3 is affected.
- Version 1.13.0 and below 1.13.7 is affected.
- Version 1.12.0 and below 1.12.11 is affected.
- Version 1.6.0 and below 1.12.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.