2167457 – vault: Generation of weak initialization vector

Bug 2167457 - vault: Generation of weak initialization vector

Summary: vault: Generation of weak initialization vector

Keywords:
Status:	NEW
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2167760
Blocks:	2167459
TreeView+	depends on / blocked

Reported:	2023-02-06 16:43 UTC by Pedro Sampaio
Modified:	2023-08-03 08:31 UTC (History)
CC List:	14 users (show)
Fixed In Version:	vault 0.11.1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2023-02-06 16:43:31 UTC

Prior version 0.11.1, Hashicorp Vault was not properly checking the error code when reading random bytes for the IV for AES operations in its cryptographic barrier. Specifically, this means that such an IV could potentially be zero multiple times, causing nonce re-use and weakening the security of the key. On most platforms this should never happen because reading from kernel random sources is non-blocking and always successful, but there may be platform-specific behavior that has not been accounted for. (Vault has tests to check exactly this, and the tests have never seen nonce re-use.)

References:

https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#0111-september-6th-2018

Note You need to log in before you can comment on or make changes to this bug.