BIT-vault-2021-32923
Invalid session token expiration vulnerability in vault (Go)
What is BIT-vault-2021-32923 About?
This vulnerability in HashiCorp Vault relates to an invalid session token expiration mechanism: tokens may remain valid beyond their configured lifetime. This can lead to unauthorized access or extended session validity, widening the window available to an attacker. Exploitation would likely involve leveraging this session management flaw.
Affected Software
- github.com/hashicorp/vault
- >1.6.0, <1.6.5
- >0.10.0, <1.5.9
- >1.7.0, <1.7.2
Technical Details
The HashiCorp Vault software contains a flaw where session tokens may not expire correctly or as intended. This 'Invalid session token expiration' issue means that once a session token is issued, it might remain valid for longer than configured or expected, potentially indefinitely. An attacker who obtains such a token, whether through interception or other means, could maintain persistent unauthorized access to Vault resources without needing to re-authenticate, thereby bypassing the intended controls on session longevity.
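As an added defensive check (not code from this page or from HashiCorp), the Go program below parses the JSON that `vault token lookup -format=json` prints and flags tokens that were issued with a finite `creation_ttl` but now report no expiry, which is the symptom described above. The field names are those of Vault's token lookup response; the flagging heuristic and the sample data are this example's own assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// tokenInfo holds the fields of interest from the "data" object that
// `vault token lookup -format=json` prints for a token.
type tokenInfo struct {
	Accessor    string   `json:"accessor"`
	CreationTTL int64    `json:"creation_ttl"` // TTL in seconds at issue time
	ExpireTime  *string  `json:"expire_time"`  // null when the token never expires
	TTL         int64    `json:"ttl"`          // remaining seconds; 0 when non-expiring
	Policies    []string `json:"policies"`
}

type lookupResponse struct {
	Data tokenInfo `json:"data"`
}

// suspiciousNonExpiring reports whether a token issued with a finite TTL
// (creation_ttl > 0) now carries no expiry at all. Root tokens are created
// with creation_ttl 0 and legitimately never expire, so they are not flagged.
// This heuristic is an assumption of this example, not a HashiCorp check.
func suspiciousNonExpiring(t tokenInfo) bool {
	return t.CreationTTL > 0 && t.ExpireTime == nil && t.TTL == 0
}

// checkLookupJSON parses one lookup response and returns the token accessor
// together with whether the token should be flagged for review.
func checkLookupJSON(raw []byte) (string, bool, error) {
	var r lookupResponse
	if err := json.Unmarshal(raw, &r); err != nil {
		return "", false, err
	}
	return r.Data.Accessor, suspiciousNonExpiring(r.Data), nil
}

func main() {
	// Constructed sample: a token issued with a 1h TTL that now reports no expiry.
	sample := []byte(`{"data":{"accessor":"acc-constructed-01","creation_ttl":3600,` +
		`"expire_time":null,"ttl":0,"policies":["default","app"]}}`)
	acc, flagged, err := checkLookupJSON(sample)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Printf("accessor=%s flagged=%v\n", acc, flagged)
}
```

Run it over the lookup output of each accessor listed by `vault list auth/token/accessors` to find tokens worth revoking after the upgrade.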
What is the Impact of BIT-vault-2021-32923?
Successful exploitation may allow attackers to maintain persistent unauthorized access to resources, bypass authentication mechanisms, and potentially elevate privileges or access sensitive data.
What is the Exploitability of BIT-vault-2021-32923?
Exploitation would involve obtaining a session token, either legitimately or by intercepting one, and then using it beyond its intended expiration. The complexity is moderate, as it relies on an underlying implementation flaw in session management rather than direct code injection. Authentication is typically required to generate a token, but subsequent access would be unauthorized. This is often a remote vulnerability, as session tokens are used for remote interaction. The primary risk factor is the continued validity of tokens, which can be exploited if an attacker gains access to any valid token, including one the end user believes has already expired.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for BIT-vault-2021-32923?
Available Upgrade Options
- github.com/hashicorp/vault
- >0.10.0, <1.5.9 → Upgrade to 1.5.9
- github.com/hashicorp/vault
- >1.6.0, <1.6.5 → Upgrade to 1.6.5
- github.com/hashicorp/vault
- >1.7.0, <1.7.2 → Upgrade to 1.7.2
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2021-32923
- https://security.gentoo.org/glsa/202207-01
- https://www.hashicorp.com/blog/category/vault
- https://github.com/advisories/GHSA-38j9-7pp9-2hjw
- https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603
- https://osv.dev/vulnerability/GHSA-38j9-7pp9-2hjw
What are Similar Vulnerabilities to BIT-vault-2021-32923?
Similar Vulnerabilities: CVE-2022-22961, CVE-2021-44228, CVE-2020-25213, CVE-2018-1000854, CVE-2017-5942
