CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials

Researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp. If successfully exploited, the vulnerabilities can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them.