HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on, the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
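To illustrate the weakness class described above, the following added example (not Vault's own code) contrasts a table-lookup GF(2^8) multiplication, the core operation in Shamir share arithmetic, with a form that has no secret-dependent branch or table index. The field polynomial 0x11b, the generator 3 and all function names are assumptions chosen for this sketch.

```go
package main

import "fmt"

// Log/exp tables for GF(2^8) with polynomial 0x11b and generator 3
// (field parameters are an assumption made for this example).
var expTable, logTable [256]uint8

func init() {
	x := uint8(1)
	for i := 0; i < 255; i++ {
		expTable[i] = x
		logTable[x] = uint8(i)
		x = mulCT(x, 3)
	}
}

// mulTable is the leaky form: the table indices and the zero-check branch
// depend on the secret operands, so cache state and timing vary with them.
func mulTable(a, b uint8) uint8 {
	if a == 0 || b == 0 {
		return 0
	}
	return expTable[(int(logTable[a])+int(logTable[b]))%255]
}

// mulCT is the hardened form: a fixed eight rounds of shift-and-add using
// masks instead of branches, with no memory access indexed by a or b.
func mulCT(a, b uint8) uint8 {
	var p uint8
	for i := 0; i < 8; i++ {
		p ^= a & -(b & 1)                 // add a when the low bit of b is set
		a = (a << 1) ^ (0x1b & -(a >> 7)) // double a, reduce on overflow
		b >>= 1
	}
	return p
}

// implementationsAgree checks all 65536 operand pairs for equal results.
func implementationsAgree() bool {
	for a := 0; a < 256; a++ {
		for b := 0; b < 256; b++ {
			if mulTable(uint8(a), uint8(b)) != mulCT(uint8(a), uint8(b)) {
				return false
			}
		}
	}
	return true
}

func main() { fmt.Println(implementationsAgree(), mulCT(0x57, 0x83)) }
```

Both functions return identical products, so the masked form can replace the lookup without changing share values.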
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vault | Hashicorp | * | 1.11.9 (excluding) |
Vault | Hashicorp | 1.12.0 (including) | 1.12.5 (excluding) |
Vault | Hashicorp | 1.13.0 (including) | 1.13.1 (excluding) |
Red Hat OpenShift Container Platform 4.13 | RedHat | openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream | * |
Red Hat OpenShift Container Platform 4.14 | RedHat | openshift4/ose-installer:v4.14.0-202310201027.p0.g03546e5.assembly.stream | * |
RHODF-4.13-RHEL-9 | RedHat | odf4/odf-rhel9-operator:v4.13.0-24 | * |
RHODF-4.13-RHEL-9 | RedHat | odf4/rook-ceph-rhel9-operator:v4.13.0-70 | * |