How the CVE Works
OpenBao and HashiCorp Vault exposed unauthenticated API endpoints (`/v1/sys/rekey-recovery/init`, `/v1/sys/rekey/init`) that allowed attackers to cancel ongoing root/recovery rekey operations without authentication. This flaw bypassed audit logging, enabling denial-of-service (DoS) by disrupting cryptographic rekeying processes. The vulnerability stemmed from missing access controls on these endpoints, permitting any network-adjacent attacker to interfere with administrative functions.
DailyCVE Form
Platform: OpenBao/HashiCorp Vault
Version: < v2.2.2
Vulnerability: Unauthenticated rekey cancellation
Severity: Medium
Date: 2024-XX-XX
Prediction: Patch expected Q3 2024
What Undercode Say
Check OpenBao version: `openbao version`
Mitigation (v2.2.2+): `echo 'disable_unauthed_rekey_endpoints=true' >> config.hcl`
How Exploit
1. Send POST to `/v1/sys/rekey/init` with `{ "cancel": true }`.
2. Repeat for recovery endpoint.
Protection from this CVE
- Upgrade to OpenBao ≥ v2.2.2.
- Set `disable_unauthed_rekey_endpoints=true`.
- Restrict endpoint access via proxy ACLs.
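An added example (not from this advisory or from the OpenBao project) that audits the two mitigations above: it reads the reported version string and a `config.hcl` text and reports whether the build is at least v2.2.2 and whether `disable_unauthed_rekey_endpoints` is set to `true`. The function names and the small line-based HCL reader are assumptions made for this example; the config text is constructed.

```python
import re

PATCHED_VERSION = (2, 2, 2)  # first release carrying the mitigation, per the advisory

# Constructed sample config, not a real deployment.
CONFIG_BEFORE = """
# constructed sample
ui = true
api_addr = "http://127.0.0.1:8200"
"""
CONFIG_AFTER = CONFIG_BEFORE + "disable_unauthed_rekey_endpoints=true\n"


def parse_version(text: str) -> tuple:
    """Extract (major, minor, patch) from output such as 'OpenBao v2.2.1'."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no semantic version found in: {text!r}")
    return tuple(int(x) for x in m.groups())


def hcl_settings(config_text: str) -> dict:
    """Collect `key = value` lines (last one wins); quotes around values are stripped.

    Comments starting with '#' or '//' are dropped only when they begin the line or
    follow whitespace, so a value like "http://..." is not truncated. This is a
    deliberately small line-based reader, not a full HCL parser.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = re.sub(r"(^|\s)(#|//).*$", "", raw).strip()
        m = re.match(r'^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"?([^"]*?)"?\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def assess(version_output: str, config_text: str) -> dict:
    """Combine both checks; the option is only honoured by a patched build."""
    version = parse_version(version_output)
    upgraded = version >= PATCHED_VERSION
    setting = hcl_settings(config_text).get("disable_unauthed_rekey_endpoints", "")
    hardened = setting.lower() == "true"
    return {"version": version, "upgraded": upgraded,
            "hardened": hardened, "mitigated": upgraded and hardened}


if __name__ == "__main__":
    print(assess("OpenBao v2.2.2", CONFIG_AFTER))
```

If `config.hcl` does not end with a newline, the `echo ... >>` one-liner lands the setting on the previous line, where neither this reader nor the server sees it as its own key; check the file after appending.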
Impact
- DoS via rekey disruption.
- No privilege escalation.
- Limited to network-adjacent attackers.
Sources:
Reported By: github.com