
Black Hat USA: Startup breaks secrets management tools


Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms
A total of 14 common vulnerabilities and exposures (CVEs) spanning CyberArk’s Conjur and HashiCorp’s Vault enterprise secrets management platforms have been addressed and disclosed this week, after being discovered by researchers at Cyata, an emerging Israel-based startup working in the field of agentic identity.
Taken as a whole, the critical issues demonstrated “complete compromise” of the secrets management systems that protect virtually every Fortune 500 organisation, said Cyata. The vulnerability set, comprising five issues in Conjur and nine in Vault, has likely been exploitable for several years and includes issues that enable remote code execution (RCE).
Cyata CEO and Check Point alumnus Shahar Tal said the disclosures represented a worst-case scenario for enterprise security.
“When attackers can compromise the vault without any authentication, they literally gain the keys to the kingdom – access to every database, every API [application programming interface], every cloud resource across an entire organisation,” he said.
“In some cases, we achieved full vault compromise with just a single unauthenticated API request – no credentials, no friction.”
Notable among the Conjur vulnerabilities is a complete, unauthenticated RCE chain that arises from the service’s default Amazon Web Services (AWS) integration setup.