CVE-2020-35177 - log

CVE-2020-35177 edited at 17 Dec 2020 14:54:37
References
- https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161
+ https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984
https://github.com/hashicorp/vault/pull/10537
https://github.com/hashicorp/vault/commit/5f8c7d2502246063d5846841146c68fa60d9bc68
CVE-2020-35177 edited at 17 Dec 2020 14:51:09
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
References
+ https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161
+ https://github.com/hashicorp/vault/pull/10537
+ https://github.com/hashicorp/vault/commit/5f8c7d2502246063d5846841146c68fa60d9bc68
Notes
CVE-2020-35177 created at 17 Dec 2020 14:48:44