| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Certificate verification bypass |
|
| Description |
| + |
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1. |
|
| References |
| + |
https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463 |
| + |
https://github.com/hashicorp/vault/pull/11365 |
| + |
https://github.com/hashicorp/vault/commit/9c9675fd201df1780432f52bbf7dacfe1daf4dce |
|
| Notes |
|