
HashiCorp Vault's implementation of Shamir's secret sharing was found to be vulnerable to cache-timing attacks, identified as CVE-2023-25000. The vulnerability was discovered and disclosed on March 29, 2023, affecting Vault and Vault Enterprise versions up to 1.13.0, 1.12.4, and 1.11.8. The issue has been fixed in versions 1.13.1, 1.12.5, and 1.11.9 (HashiCorp Discuss).
Vault's Shamir implementation uses Go's crypto/subtle package and constant-time functions, but its mult and div operations compute differences between precomputed Galois Field log tables. When these tables are loaded into the CPU cache, the loading pattern creates cache-timing leaks. The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (NetApp Security).
An attacker with access to the host and the ability to observe a large number of unseal operations through a side channel could potentially reduce the search space of a brute force effort to recover the Shamir shares. If successful, this could result in the retrieval of sensitive data, such as the unseal or root key (HashiCorp Discuss).
The recommended mitigation is to upgrade to Vault Enterprise versions 1.13.1, 1.12.5, 1.11.9, or newer. The mult and div functions used in Vault's Shamir implementation have been modified to remove table lookups and negate this attack vector. Organizations should evaluate their risk exposure and follow the general guidance provided in Vault's upgrading documentation (HashiCorp Discuss).
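The kind of change described above, as an added example that is not Vault's own code: a table-driven GF(2^8) multiply, where secret bytes become memory indexes, beside a lookup-free multiply and divide. The reduction polynomial 0x11b, the generator 3 and all function names are assumptions chosen for this illustration.

```go
package main

import "fmt"

// Log/exp tables for GF(2^8), built with polynomial 0x11b and generator 3.
// Both parameters are assumptions made for this example.
var logTable, expTable [256]uint8

func init() {
	x := uint8(1)
	for i := 0; i < 255; i++ {
		expTable[i] = x
		logTable[x] = uint8(i)
		x = multCT(x, 3)
	}
}

// multTable is the table-driven pattern: the secret operands index memory,
// so which cache lines are touched depends on the share bytes.
func multTable(a, b uint8) uint8 {
	if a == 0 || b == 0 { // secret-dependent branch as well
		return 0
	}
	return expTable[(int(logTable[a])+int(logTable[b]))%255]
}

// multCT uses shift-and-add: no table lookups, no secret-dependent branches.
func multCT(a, b uint8) uint8 {
	var p uint8
	for i := 0; i < 8; i++ {
		p ^= a & -(b & 1)          // add a when the low bit of b is set (mask, not branch)
		hi := -(a >> 7)            // 0xff when a's top bit is set, else 0x00
		a = (a << 1) ^ (0x1b & hi) // multiply a by x and reduce modulo 0x11b
		b >>= 1
	}
	return p
}

// divCT returns a/b as a * b^254 (b^254 is the inverse of b); b == 0 yields 0.
func divCT(a, b uint8) uint8 {
	inv, sq := uint8(1), b
	for i := 0; i < 7; i++ { // b^254 = b^2 * b^4 * ... * b^128
		sq = multCT(sq, sq)
		inv = multCT(inv, sq)
	}
	return multCT(a, inv)
}

func main() { fmt.Printf("%#x %#x\n", multTable(0x57, 0x83), multCT(0x57, 0x83)) }
```

Both multiplies return the same products; only the memory access pattern differs, which is the property the fixed versions rely on.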
Source: This report was generated using AI