Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-55003— OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse

CVSS 5.7 · Medium EPSS 0.04% · P12
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-55003

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes were accepted which could contain whitespace; this whitespace could bypass internal rate limiting of the MFA method and allow reuse of existing MFA codes. This issue was fixed in version 2.3.2. To work around this, use of rate-limiting quotas can limit an attacker's ability to exploit this: https://openbao.org/api-docs/system/rate-limit-quotas/.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
过多认证尝试的限制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenBao 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenBao是OpenBao开源的一个敏感数据管理软件。 OpenBao 2.3.1及之前版本存在安全漏洞,该漏洞源于TOTP库对包含空白的代码进行了规范化处理,可能导致绕过内部速率限制和重用现有MFA代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
openbaoopenbao < 2.3.2 -

II. Public POCs for CVE-2025-55003

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-55003

登录查看更多情报信息。

Same Patch Batch · openbao · 2025-08-09 · 7 CVEs total

CVE-2025-549979.1 CRITICALOpenBao: Privileged Operator May Execute Code on the Underlying Host
CVE-2025-549967.2 HIGHOpenBao Root Namespace Operator May Elevate Token Privileges
CVE-2025-550016.5 MEDIUMOpenBao LDAP MFA Enforcement Bypass When Using Username As Alias
CVE-2025-550006.5 MEDIUMOpenBao TOTP Secrets Engine Enables Code Reuse
CVE-2025-549985.3 MEDIUMOpenBao Userpass and LDAP User Lockout Bypass
CVE-2025-549993.7 LOWOpenBao: Timing Side-Channel in Userpass Auth Method

IV. Related Vulnerabilities

Same product: openbao
Same vendor: openbao
Same weakness: CWE-307

V. Comments for CVE-2025-55003

No comments yet

Leave a comment