GHSA-HH28-H22F-8357 OpenBao has a Timing Side-Channel in the Userpass Auth Method

Impact: When using OpenBao's userpass auth method, user enumeration was possible due to a timing difference between non-existent users and users with stored credentials. This is independent of wheth ...

GHSA-J3XV-7FXP-GFHX OpenBao Userpass and LDAP User Lockout Bypass

Impact: Attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user e ...

CVE-2025-8741

creation_timestamp | type | source
---|---|---
2025-08-08 23:36:00+00:00 | seen | ...

GHSA-RXP7-9Q75-VJ3P OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse

Impact: OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes ...

CVE-2025-55188

creation_timestamp | type | source
---|---|---
2025-08-08 23:51:01+00:00 | seen | ...

CVE-2025-8742

creation_timestamp | type | source
---|---|---
2025-08-08 23:46:01+00:00 | seen | ...

CVE-2025-8740

creation_timestamp | type | source
---|---|---
2025-08-08 23:41:01+00:00 | seen | ...

CVE-2025-7770

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing att ...
