HashiCorp Vault exposed multiple zero-day vulnerabilities involving authentication and remote code execution

HashiCorp Vault, a wallet and key management tool widely used in the cryptocurrency industry, was recently exposed to multiple zero-day vulnerabilities covering key aspects such as authentication, identification, and authorization. Some of these vulnerabilities could bypass lockdown and multi-factor authentication protections, and even allow attackers to achieve remote code execution (RCE), posing a serious threat to infrastructure security. The Cyata team has collaborated with HashiCorp to complete the fixes. SlowMist Technology's Chief Information Security Officer, 23pds, recommends that relevant organizations upgrade to the latest version as soon as possible to mitigate potential risks.