github.com/hashicorp/vault is vulnerable to Timing Attacks. The vulnerability exists in mult
and div
functions of shamir.go
because of not implementing a constant time which allows an attacker to observe a large number of unseal operations on the host.
discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078
github.com/hashicorp/vault/commit/ed08e45069d60fc4452fad7d44bcfd3b2e4c8236
github.com/hashicorp/vault/commit/ed08e45069d60fc4452fad7d44bcfd3b2e4c8236
github.com/hashicorp/vault/commit/ed08e45069d60fc4452fad7d44bcfd3b2e4c8236
security.netapp.com/advisory/ntap-20230526-0008/