A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability, tracked as CVE-2025-13357, affects organizations using LDAP authentication with Vault. The security issue stems from an incorrect default configuration in Vault’s Terraform Provider. Specifically, the provider set the deny_null_bind parameter
The post HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials appeared first on Cyber Security News. Read More
Posted inNews