Jared Johnstone

**Name of the Vulnerable Software and Affected Versions** HashiCorp Vault and Vault Enterprise versions prior to 1.13.5 HashiCorp Vault and Vault Enterprise versions prior to 1.14.1 **Description** The issue allows for user enumeration when using the LDAP auth method. An attacker can submit requests for existent and non-existent LDAP users and observe the response from Vault to determine if the account is valid on the LDAP server. **Recommendations** For versions prior to 1.13.5, update to version 1.13.5 or later to resolve the issue. For versions prior to 1.14.1, update to version 1.14.1 or later to resolve the issue.