Vaulted Severance: Your Secrets Are Now Outies

Black Hat USA 2025 · Day 1 · Briefings

Researchers from Sayata disclosed nine CVEs in HashiCorp Vault and five CVEs in CyberArk Conjur, including the first-ever remote code execution reported against Vault and a pre-authentication RCE in Conjur. The attacks chain authentication bypasses and privilege escalation to full root-level shell access from a plain, default user account.

AI review

Nine CVEs in HashiCorp Vault and five in CyberArk Conjur, including the first-ever RCE against Vault and a pre-auth RCE in Conjur. The MFA bypass with a trailing space is beautiful and mortifying in equal measure. Solid vulnerability research that will make every secret vault operator uncomfortable.
