Bulletin ID: HCSEC-2025-15
Affected Products / Versions: Vault Community Edition up to 1.20.0, fixed in 1.20.1.
Vault Enterprise up to 1.20.0, 1.19.6, 1.18.11, 1.16.22, 1.15.15, fixed in 1.20.1, 1.19.7, 1.18.12, and 1.16.23
Publication Date: August 1, 2025
Summary
A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s userpass auth method. This vulnerability, identified as CVE-2025-6011, is fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Background
The userpass auth method allows users to authenticate to Vault using a username and password. Passwords are hashed using bcrypt and are validated using the CompareHashAndPassword function from Go's golang.org/x/crypto/bcrypt package.
Details
Vault attempted to mitigate the risk of timing-based information leaks in the userpass auth method by invoking bcrypt with a placeholder string if the provided username did not exist in Vault's storage. This implementation was flawed: CompareHashAndPassword first parses the stored hash and returns an error as soon as that parsing fails, before any bcrypt computation takes place. Because the placeholder was not a valid bcrypt hash, the non-existent-user path returned measurably faster than a real comparison, which is the difference an attacker could observe. This would have potentially allowed an attacker to enumerate valid userpass users.
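The following is an added example, not Vault's code or anything from the bulletin, showing the flawed mitigation beside a corrected one. To run without golang.org/x/crypto it uses a stand-in key derivation (iterated SHA-256, hypothetical and not bcrypt) behind a compareHashAndPassword that keeps the control flow of bcrypt's CompareHashAndPassword: the encoded hash is parsed first (length check, "$2a$" prefix, cost), and an invalid input returns before any derivation runs. The user store, the user "alice", the cost value and the "placeholder" string are all constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"sync/atomic"
	"time"
)

// Errors named after those golang.org/x/crypto/bcrypt returns. The first two
// are produced while parsing the hash, i.e. before any derivation has run.
var (
	ErrHashTooShort              = errors.New("hash too short to be a bcrypt hash")
	ErrInvalidHash               = errors.New("invalid bcrypt hash encoding")
	ErrMismatchedHashAndPassword = errors.New("hashed password is not the hash of the given password")
)

const (
	hashPrefix  = "$2a$"
	minHashSize = 59 // bcrypt's minimum encoded length; shorter input fails at once
	hashCost    = 14 // hypothetical cost for this example (2^14 stand-in rounds)
)

// kdfCalls counts how often the expensive derivation really ran, so the
// difference between an early exit and a full comparison is observable
// without relying on timing measurements.
var kdfCalls atomic.Int64

func kdfCallCount() int64 { return kdfCalls.Load() }

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// slowHash is a STAND-IN for the bcrypt core: 2^cost rounds of SHA-256 over
// salt||password. It is not bcrypt and must not be used for real passwords.
func slowHash(password, salt []byte, cost int) []byte {
	kdfCalls.Add(1)
	sum := sha256.Sum256(append(append([]byte{}, salt...), password...))
	for i := 0; i < 1<<cost; i++ {
		sum = sha256.Sum256(append(sum[:], salt...))
	}
	return sum[:]
}

// parseHash validates the encoded form before any work, in the same order as
// bcrypt's newFromHash: length, then prefix, then cost, then salt and digest.
func parseHash(h string) (cost int, salt, digest []byte, err error) {
	if len(h) < minHashSize {
		return 0, nil, nil, ErrHashTooShort
	}
	if !strings.HasPrefix(h, hashPrefix) || h[6] != '$' {
		return 0, nil, nil, ErrInvalidHash
	}
	if cost, err = strconv.Atoi(h[4:6]); err != nil || cost < 4 || cost > 31 {
		return 0, nil, nil, ErrInvalidHash
	}
	if salt, err = base64.RawStdEncoding.DecodeString(h[7:29]); err != nil {
		return 0, nil, nil, ErrInvalidHash
	}
	if digest, err = base64.RawStdEncoding.DecodeString(h[29:]); err != nil {
		return 0, nil, nil, ErrInvalidHash
	}
	return cost, salt, digest, nil
}

func generateFromPassword(password []byte, cost int) string {
	salt := randomBytes(16)
	return fmt.Sprintf("%s%02d$%s%s", hashPrefix, cost,
		base64.RawStdEncoding.EncodeToString(salt),
		base64.RawStdEncoding.EncodeToString(slowHash(password, salt, cost)))
}

// compareHashAndPassword keeps bcrypt's control flow: an unparseable hash
// returns an error before slowHash is ever called.
func compareHashAndPassword(hashed string, password []byte) error {
	cost, salt, digest, err := parseHash(hashed)
	if err != nil {
		return err // early exit, no derivation: the fast path the bulletin describes
	}
	if subtle.ConstantTimeCompare(digest, slowHash(password, salt, cost)) == 1 {
		return nil
	}
	return ErrMismatchedHashAndPassword
}

type userStore map[string]string // username -> encoded hash

// loginFlawed mirrors the pre-fix behaviour: an unknown user is compared
// against a placeholder that is not a valid hash, so the work is skipped.
func loginFlawed(users userStore, username string, password []byte) bool {
	hash, ok := users[username]
	if !ok {
		hash = "placeholder"
	}
	return compareHashAndPassword(hash, password) == nil
}

// dummyHash is a VALID hash of a random secret at the same cost real users
// use, computed once at startup, so unknown users cost exactly as much as known ones.
var dummyHash = generateFromPassword(randomBytes(32), hashCost)

// loginFixed always runs the full comparison; the result is still ANDed with
// the user's existence so the dummy hash can never authenticate anyone.
func loginFixed(users userStore, username string, password []byte) bool {
	hash, ok := users[username]
	if !ok {
		hash = dummyHash
	}
	return compareHashAndPassword(hash, password) == nil && ok
}

// sampleUsers is constructed for this example: one real user at hashCost.
func sampleUsers() userStore {
	return userStore{"alice": generateFromPassword([]byte("correct horse"), hashCost)}
}

func timeLogin(f func(userStore, string, []byte) bool, users userStore, name string) time.Duration {
	start := time.Now()
	f(users, name, []byte("wrong-password"))
	return time.Since(start)
}

func main() {
	users := sampleUsers()
	fmt.Println("flawed: alice", timeLogin(loginFlawed, users, "alice"), "nobody", timeLogin(loginFlawed, users, "nobody"))
	fmt.Println("fixed:  alice", timeLogin(loginFixed, users, "alice"), "nobody", timeLogin(loginFixed, users, "nobody"))
}
```

Running main shows the flawed variant answering for "nobody" in nanoseconds while "alice" takes the full derivation; the fixed variant takes the same time for both. Two details matter beyond choosing a valid dummy: the dummy must be hashed at the same cost as real users' hashes (a cheaper dummy reintroduces the difference), and the existence check must still gate the result so that guessing the dummy's secret never logs anyone in.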
Remediation
Customers should evaluate the risk associated with this issue and consider upgrading to Vault Community Edition 1.20.1 or Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. Please refer to Upgrading Vault for general guidance.
Acknowledgement
This issue was identified by Yarden Porat of Cyata Security who reported it to HashiCorp.
We deeply appreciate any effort to coordinate disclosure of security vulnerabilities. For information about security at HashiCorp and the reporting of security vulnerabilities, please see https://hashicorp.com/security.