TLS Certificate Validation Bypass in HashiCorp Vault and Vault Enterprise Cassandra Integrations

TLS Certificate Validation Bypass in HashiCorp Vault and Vault Enterprise Cassandra Integrations

CVE-2021-27400 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1

Learn more about our Cis Benchmark Audit For Apache Cassandra.