HashiCorp Vault Azure Auth Method Authentication Bypass Vulnerability

Vulnerability

A vulnerability exists in the Azure authentication method of HashiCorp Vault (both Community and Enterprise editions) in versions from 0.10.0 up to, but not including, 1.19.0, as well as in Vault Enterprise versions 1.18.6, 1.17.13, and 1.16.17. The issue arises because the authentication method did not properly validate the claims in Azure-issued tokens, potentially allowing users to bypass the geographical restrictions configured through the bound_locations parameter during login. This could be exploited by manipulating login parameters so that they satisfy the login requirements while circumventing the location restrictions.

Impact

Exploitation of this vulnerability could lead to unauthorized authentication bypass, allowing users to log in to Vault without adhering to the specified geographical restrictions.

Remediation

Users are advised to upgrade to Vault Community Edition 1.19.1 or Vault Enterprise versions 1.19.1, 1.18.7, 1.17.14, or 1.16.18. General upgrade guidance is available in the 'Upgrading Vault' documentation.
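To turn the affected and fixed versions listed above into a repeatable check, the following Python helper parses a Vault version string (as printed by `vault version`, for example) and reports whether that build falls inside the affected range and which release the advisory names as its fix. This is an added example, not code from HashiCorp or from this advisory's publisher; the version ranges are taken from the text above, and it assumes the `+ent` build suffix as the marker for Enterprise binaries when the edition is not given explicitly.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Ranges as stated in the advisory: affected from 0.10.0 up to (not including)
# 1.19.0; fixed in 1.19.1 for both editions, with Enterprise-only backports on
# the 1.18, 1.17 and 1.16 maintenance branches. Community Edition has no
# backport, so every CE release below 1.19.1 is treated as affected.
FIRST_AFFECTED: Version = (0, 10, 0)
FIXED_MAINLINE: Version = (1, 19, 1)
FIXED_ENTERPRISE_BRANCHES: Dict[Tuple[int, int], Version] = {
    (1, 18): (1, 18, 7),
    (1, 17): (1, 17, 14),
    (1, 16): (1, 16, 18),
}

# Matches "1.18.6", "v1.18.6" or "Vault v1.18.6+ent (...)". The "+ent" build
# suffix is assumed to mark Enterprise binaries (naming convention assumption).
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?P<ent>\+ent)?")


def parse_version(text: str) -> Tuple[Version, bool]:
    """Return ((major, minor, patch), is_enterprise) for the first version in text."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Vault version found in {text!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return version, m.group("ent") is not None


def _fixed_version_for(version: Version, enterprise: bool) -> Version:
    """The release that closes the issue for this build's branch and edition."""
    if enterprise:
        return FIXED_ENTERPRISE_BRANCHES.get(version[:2], FIXED_MAINLINE)
    return FIXED_MAINLINE


def is_vulnerable(text: str, enterprise: Optional[bool] = None) -> bool:
    """True if the build described by text is inside the affected range.

    enterprise=None means "decide from the +ent suffix"; pass True/False to
    override when the edition is known from elsewhere.
    """
    version, ent_suffix = parse_version(text)
    if enterprise is None:
        enterprise = ent_suffix
    if version < FIRST_AFFECTED:
        return False
    return version < _fixed_version_for(version, enterprise)


def recommended_upgrade(text: str, enterprise: Optional[bool] = None) -> str:
    """Smallest release named by the advisory that the given build should move to."""
    version, ent_suffix = parse_version(text)
    if enterprise is None:
        enterprise = ent_suffix
    return ".".join(str(n) for n in _fixed_version_for(version, enterprise))


if __name__ == "__main__":
    # Constructed sample inputs resembling `vault version` output.
    for sample in ("Vault v1.18.6+ent", "Vault v1.18.7+ent", "Vault v1.18.7", "Vault v1.19.1"):
        status = "AFFECTED" if is_vulnerable(sample) else "not affected"
        print(f"{sample}: {status}; fix is {recommended_upgrade(sample)}")
```

The check is purely version based: it tells you whether a build is in the affected range, not whether the Azure auth method is actually mounted on that server or whether any role relies on bound_locations. Pair it with a look at `vault auth list` and the Azure roles' configuration when deciding how urgently a given cluster needs the upgrade.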

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.