Black Hat USA: Startup breaks secrets management tools | Computer Weekly
Briefly

Researchers at Cyata have identified fourteen critical vulnerabilities in CyberArk's Conjur and HashiCorp's Vault. The flaws put secrets management systems used by Fortune 500 organizations at risk of complete compromise. They include remote code execution (RCE) issues that have been exploitable for several years. Key vulnerabilities allow attackers to gain unauthorized access to databases, APIs, and cloud resources. Some attacks can achieve full system control with only a single unauthenticated API request, which makes them a severe threat to enterprise security.
When attackers can compromise the vault without any authentication, they literally gain the keys to the kingdom - access to every database, every API, every cloud resource across an entire organisation.
In some cases, we achieved full vault compromise with just a single unauthenticated API request - no credentials, no friction.
Read at ComputerWeekly.com