Improper Authentication Affecting package, versions >=1.7.0 <1.7.2, >=1.6.0 <1.6.5, <1.5.9


  • published

    4 Jun 2021

  • disclosed

    3 Jun 2021


How to fix?

Upgrade to version 1.7.2, 1.6.5, 1.5.9 or higher.


Affected versions of this package are vulnerable to Improper Authentication. Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use.
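
To triage a fleet against the ranges above, the following added example (not part of the advisory and not HashiCorp code) maps a reported Vault version string to the fixed release for its branch. The function names are hypothetical, and the handling of a leading `v` and of build suffixes such as `+ent` is an assumption about how versions are reported in your inventory.

```python
import re

# Affected ranges exactly as listed in this advisory:
# (inclusive lower bound or None, exclusive upper bound = first fixed release).
AFFECTED = [
    ((1, 7, 0), (1, 7, 2)),
    ((1, 6, 0), (1, 6, 5)),
    (None, (1, 5, 9)),
]

# MAJOR.MINOR.PATCH with optional leading "v", pre-release tag and build
# metadata (assumed formats, e.g. "v1.7.1", "1.6.4+ent", "1.7.2-rc1").
_VERSION = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$"
)


def parse(version):
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    m = _VERSION.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    core = tuple(int(part) for part in m.group(1, 2, 3))
    return core, m.group(4) is not None


def fixed_in(version):
    """Return the release to upgrade to, or None if the version is outside
    every affected range. Build metadata ("+ent") is ignored for ordering."""
    core, prerelease = parse(version)
    # A pre-release sorts just below its release: 1.7.2-rc1 < 1.7.2.
    key = core + ((0,) if prerelease else (1,))
    for low, high in AFFECTED:
        above_low = low is None or key >= low + (1,)
        if above_low and key < high + (1,):
            return ".".join(str(n) for n in high)
    return None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("vault-a", "v1.7.1"), ("vault-b", "1.6.4+ent"),
                      ("vault-c", "1.5.9"), ("vault-d", "1.7.2-rc1")]:
        target = fixed_in(ver)
        print(host, ver, f"upgrade to {target}" if target else "not affected")
```

The ranges are applied literally, so a pre-release of a fixed version (for example `1.7.2-rc1`) is reported as affected because it sorts below `1.7.2`.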