Vaults can be cracked open
Critical vulnerabilities in popular enterprise credential vaults were unveiled by security researchers from Cyata during Black Hat.
The flaws in various components of HashiCorp Vault and CyberArk Conjur (responsibly disclosed to the vendors and patched before public disclosure) stemmed from subtle logic errors in authentication, validation, and policy enforcement mechanisms, as CSO reported in our story on the research.
Secrets vaults store credentials, tokens, and certificates that govern access to systems, services, APIs, and data while offering role-based access controls, secret rotation and auditing functions. Designed for integration with DevOps tools, these technologies often form an integral part of software development pipelines.