Researchers Uncover RCE Attack Chains in HashiCorp Vault and CyberArk Conjur


Open-source credential management systems HashiCorp Vault and CyberArk Conjur had flaws that enabled remote code execution, among other attacks.

Researchers have found 14 logic flaws in various components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, allowing attacks that could bypass authentication checks, access secrets, impersonate identities and execute arbitrary code. Their findings, which include 14 vulnerabilities that enable remote code execution (RCE) attack chains in both products, were presented today at the Black Hat USA security conference in Las Vegas. As with Conjur, Cyata researchers conducted manual code reviews of Vault, focusing on logic flaws in components responsible for authentication and policy enforcement, rather than memory corruption or race conditions typically detected by automated tools.
