vulnerability
FreeBSD: VID-CC1FD3DA-B8FD-4F4D-A092-C38541C0F993 (CVE-2020-35177): vault -- User Enumeration via LDAP auth
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Dec 16, 2020 | Dec 18, 2020 | Mar 8, 2021 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Dec 16, 2020
Added
Dec 18, 2020
Modified
Mar 8, 2021
Description
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
Solution
freebsd-upgrade-package-vault
References

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.