CVE-2023-2197
HashiCorp Vault vulnerability analysis and mitigation

Overview

HashiCorp Vault Enterprise versions 1.13.0 up to 1.13.1 contain a vulnerability (CVE-2023-2197) that may allow a padding oracle attack when an HSM is used with a CBC-based encryption mechanism (CKM_AES_CBC_PAD or CKM_AES_CBC). The vulnerability was disclosed on May 1, 2023, and was fixed in version 1.13.2 (HashiCorp Discuss).

Technical details

The vulnerability stems from Vault not applying an HMAC to messages received from the HSM when a CBC-based encryption mechanism is in use. It specifically affects Vault's root key wrapping with an HSM; other HSM functionality remains protected by Vault's defense-in-depth protection against message tampering. The vulnerability has been assigned a CVSS score of 2.5 (LOW) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N (NetApp Security).

Impact

If successfully exploited, an attacker with privileges to modify storage and restart Vault may be able to intercept or modify ciphertext to derive Vault's root key. However, compromising the root key alone is not sufficient to compromise other Vault storage unless the HSM is also compromised, because the barrier keyring remains encrypted by the HSM (HashiCorp Discuss).

Mitigation and workarounds

Organizations using Vault Enterprise with HSM functionality and either the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanism should upgrade to Vault Enterprise version 1.13.2. After upgrading, it is recommended to rekey Vault using the 'vault operator rekey -init' command to generate new unseal keys (HashiCorp Discuss).
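As an added illustration (not Vault's or HashiCorp's code), the Go sketch below contrasts the two unwrap paths the Technical details and Mitigation sections describe: a CBC-wrapped key with no integrity check, where the padding verdict is observable to whoever can modify the stored blob, and the same blob with an HMAC verified before decryption. The key, IV and secret values are constructed, and Go's AES-CBC stands in for the HSM mechanism.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

var ErrFormat = errors.New("malformed blob")
var ErrPadding = errors.New("invalid padding") // distinguishable from ErrFormat: this is the oracle
var ErrAuth = errors.New("authentication failed")

// wrapCBC pads the secret with PKCS#7 and returns IV || AES-CBC ciphertext (the CKM_AES_CBC_PAD shape).
func wrapCBC(kek, iv, secret []byte) []byte {
	block, _ := aes.NewCipher(kek) // kek must be 16/24/32 bytes; error handling elided for brevity
	pad := aes.BlockSize - len(secret)%aes.BlockSize
	p := append(append([]byte{}, secret...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(p))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, p)
	return append(append([]byte{}, iv...), ct...)
}

// unwrapNoMAC is the unauthenticated path: decrypt, then check padding. The error type leaks padding validity.
func unwrapNoMAC(kek, blob []byte) ([]byte, error) {
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, ErrFormat
	}
	block, _ := aes.NewCipher(kek)
	pt := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:aes.BlockSize]).CryptBlocks(pt, blob[aes.BlockSize:])
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, ErrPadding
	}
	return pt[:len(pt)-n], nil
}

// tag is HMAC-SHA256 over IV || ciphertext under a separate MAC key (encrypt-then-MAC).
func tag(mk, blob []byte) []byte { m := hmac.New(sha256.New, mk); m.Write(blob); return m.Sum(nil) }

// unwrapWithMAC verifies the tag in constant time first: a modified blob gets one uniform error and never reaches the padding check.
func unwrapWithMAC(kek, mk, blob, t []byte) ([]byte, error) {
	if !hmac.Equal(tag(mk, blob), t) {
		return nil, ErrAuth
	}
	return unwrapNoMAC(kek, blob)
}
```

Flipping one ciphertext byte makes unwrapNoMAC report ErrPadding while unwrapWithMAC reports only ErrAuth, which is the property the 1.13.2 fix restores for the root key wrap.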

Community reactions

The vulnerability was identified by the Vault engineering team internally, demonstrating HashiCorp's proactive approach to security. The issue has been publicly discussed and acknowledged by major technology companies, including NetApp, who have assessed their products for potential impact (HashiCorp Discuss, NetApp Security).


Related HashiCorp Vault vulnerabilities:

CVE ID           Severity  Score  Technologies     Component name                CISA KEV exploit  Has fix  Published date
CVE-2025-63811   HIGH      7.5    HashiCorp Vault  dapr-1.15                     No                Yes      Nov 12, 2025
CVE-2025-61725   HIGH      7.5    cAdvisor         cluster-api-helm-controller   No                Yes      Oct 29, 2025
CVE-2025-58181   MEDIUM    5.3    cAdvisor         cloud-provider-aws-fips-1.30  No                Yes      Nov 19, 2025
CVE-2025-47914   MEDIUM    5.3    cAdvisor         kyverno-policy-reporter-fips  No                Yes      Nov 19, 2025
CVE-2025-61724   MEDIUM    5.3    cAdvisor         direnv                        No                Yes      Oct 29, 2025
