LDAP User Enumeration Vulnerability in HashiCorp Vault

LDAP User Enumeration Vulnerability in HashiCorp Vault

CVE-2020-35177 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.

Learn more about our User Device Pen Test.