Bug 1968032 (CVE-2021-32923) - CVE-2021-32923 vault: Token leases incorrectly treated as non-expiring
Summary: CVE-2021-32923 vault: Token leases incorrectly treated as non-expiring
Keywords:
Status: NEW
Alias: CVE-2021-32923
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1969939 2170357 2170358 2170359
Blocks: 1968033
TreeView+ depends on / blocked
 
Reported: 2021-06-04 18:18 UTC by Pedro Sampaio
Modified: 2023-10-25 17:21 UTC (History)
20 users (show)

Fixed In Version: vault 1.5.9, vault 1.6.5, vault 1.7.2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the HashiCorp Vault and Vault Enterprise. The vault could allow a remote attacker to bypass security restrictions caused by a renewal logic flaw when a token lease or dynamic secret lease was renewed inside the last second of its maximum TTL. By sending a specially crafted request, an attacker can bypass authentication validation and gain access to the system.
Clone Of:
Environment:
Last Closed: 2021-10-28 18:13:39 UTC
Embargoed:

Attachments (Terms of Use)

Description Pedro Sampaio 2021-06-04 18:18:40 UTC 
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.

References:

https://www.hashicorp.com/blog/category/vault/
https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603
Note You need to log in before you can comment on or make changes to this bug.