HashiCorp · HashiCorp Vault · CVE-2023-3462
**Name of the Vulnerable Software and Affected Versions**
HashiCorp Vault and Vault Enterprise versions prior to 1.13.5
HashiCorp Vault and Vault Enterprise versions prior to 1.14.1
**Description**
The issue allows user enumeration when the LDAP auth method is in use. An attacker can submit requests for existing and non-existent LDAP users and compare Vault's responses to determine whether an account is valid on the LDAP server.
**Recommendations**
For versions prior to 1.13.5, update to version 1.13.5 or later to resolve the issue.
For versions prior to 1.14.1, update to version 1.14.1 or later to resolve the issue.
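
An added example, not part of the original advisory and not HashiCorp's code: one way to spot the enumeration pattern described above in Vault's JSON audit log, by flagging sources that fail LDAP logins for many distinct usernames. It assumes the LDAP auth method is mounted at the default `auth/ldap/` path; the log lines, addresses, error strings and threshold are constructed for illustration.

```python
import json
from collections import defaultdict

LOGIN_PREFIX = "auth/ldap/login/"  # assumption: LDAP auth mounted at the default path
DISTINCT_USER_THRESHOLD = 3        # assumption: tune to your environment

# Constructed sample audit-device lines (one JSON entry per line); not real data.
SAMPLE_LOG = """\
{"type":"request","request":{"operation":"update","path":"auth/ldap/login/alice","remote_address":"203.0.113.7"}}
{"type":"response","request":{"operation":"update","path":"auth/ldap/login/alice","remote_address":"203.0.113.7"},"error":"constructed: login failed"}
{"type":"response","request":{"operation":"update","path":"auth/ldap/login/bob","remote_address":"203.0.113.7"},"error":"constructed: login failed"}
{"type":"response","request":{"operation":"update","path":"auth/ldap/login/carol","remote_address":"203.0.113.7"},"error":"constructed: login failed"}
{"type":"response","request":{"operation":"update","path":"auth/ldap/login/Dave","remote_address":"203.0.113.7"},"error":"constructed: login failed"}
{"type":"response","request":{"operation":"update","path":"auth/ldap/login/alice","remote_address":"198.51.100.4"},"error":"constructed: login failed"}
{"type":"response","request":{"operation":"update","path":"auth/ldap/login/alice","remote_address":"198.51.100.4"},"error":"constructed: login failed"}
{"type":"response","request":{"operation":"update","path":"auth/ldap/login/erin","remote_address":"198.51.100.9"}}
{"type":"response","request":{"path":"auth/ldap/lo
"""

def failed_ldap_logins(lines):
    """Yield (remote_address, username) for each failed LDAP login response."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        req = entry.get("request") or {}
        path = req.get("path", "")
        # Use response entries only, so each attempt is counted once.
        if entry.get("type") != "response" or not path.startswith(LOGIN_PREFIX):
            continue
        if not entry.get("error"):
            continue  # no error recorded: the login succeeded
        username = path[len(LOGIN_PREFIX):].lower()  # fold case variants together
        if username:
            yield req.get("remote_address", "unknown"), username

def enumeration_suspects(lines, threshold=DISTINCT_USER_THRESHOLD):
    """Map each source to its failed usernames when the distinct count >= threshold."""
    users_by_source = defaultdict(set)
    for source, username in failed_ldap_logins(lines):
        users_by_source[source].add(username)
    return {s: sorted(u) for s, u in users_by_source.items() if len(u) >= threshold}

if __name__ == "__main__":
    for source, users in enumeration_suspects(SAMPLE_LOG.splitlines()).items():
        print(f"{source}: {len(users)} distinct usernames failed: {', '.join(users)}")
```

A single user retrying a mistyped password stays below the threshold because only distinct usernames per source are counted.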