PT-2022-20232 · HashiCorp · Vault, Vault Enterprise
Published: 2022-05-17 · Updated: 2024-08-21 · CVE-2022-30689
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HashiCorp Vault and Vault Enterprise versions 1.10.0 through 1.10.2
Description
After a server restart, multi-factor authentication (MFA) on login is not properly configured and enforced. The issue specifically affects the Login MFA feature introduced in version 1.10.0 of HashiCorp Vault and Vault Enterprise; it does not affect the separate Enterprise MFA feature set. The problem was fixed in version 1.10.3.
Recommendations
For HashiCorp Vault and Vault Enterprise versions 1.10.0 through 1.10.2, update to version 1.10.3 to resolve the issue.
Related Identifiers
Affected Products
HashiCorp Vault
Vault Enterprise