Affected by GO-2025-3783
and 9 other vulnerabilities
GO-2025-3783: OpenBao allows cancellation of root rekey and recovery rekey operations without authentication in github.com/openbao/openbao
GO-2025-3853: OpenBao TOTP Secrets Engine Code Reuse in github.com/openbao/openbao
GO-2025-3854: OpenBao has a Timing Side-Channel in the Userpass Auth Method in github.com/openbao/openbao
GO-2025-3855: OpenBao Userpass and LDAP User Lockout Bypass in github.com/openbao/openbao
GO-2025-3856: OpenBao Login MFA Bypass of Rate Limiting and TOTP Token Reuse in github.com/openbao/openbao
GO-2025-3857: OpenBao Root Namespace Operator May Elevate Token Privileges in github.com/openbao/openbao
GO-2025-3858: Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao
GO-2025-3859: OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias in github.com/openbao/openbao
GO-2025-4039: OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests in github.com/openbao/openbao
GO-2025-4156: OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation in github.com/openbao/openbao
This package is used to implement Key Derivation Functions (KDF)
based on the recommendations of NIST SP 800-108. These are useful
for generating unique-per-transaction keys, or situations in which
a key hierarchy may be useful.
CounterMode implements the counter mode KDF that uses a pseudo-random function (PRF)
along with a counter to generate derived keys. The KDF takes a base key,
a derivation context, and the required number of output bits.
PRF is a pseudo-random function that takes a key or seed,
as well as additional binary data and generates output that is
indistinguishable from random. Examples are cryptographic hash
functions or block ciphers.
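The counter-mode construction described above, written out as an added example; it is not this package's code. The names `prf`, `hmacSHA256` and `deriveKey`, the choice of HMAC-SHA-256 as the PRF, and the per-block input layout (32-bit counter starting at 1, then the context, then the 32-bit output length) are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// prf is a keyed pseudo-random function: (key, data) -> one output block.
type prf func(key, data []byte) []byte

// hmacSHA256 is the PRF assumed in this example; it yields 256 bits per call.
func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// deriveKey is a hypothetical counter-mode KDF in the style of SP 800-108.
// Block i is PRF(baseKey, [i]32 || context || [bits]32), i = 1..rounds;
// the blocks are concatenated and truncated to the requested length.
func deriveKey(f prf, prfBits uint32, baseKey, context []byte, bits uint32) ([]byte, error) {
	if len(baseKey) == 0 || bits == 0 || bits%8 != 0 || prfBits == 0 || prfBits%8 != 0 {
		return nil, errors.New("need a base key and non-zero, byte-aligned bit lengths")
	}
	rounds := bits / prfBits
	if bits%prfBits != 0 {
		rounds++ // a partial final block still costs one PRF call
	}
	input := make([]byte, 4+len(context)+4)
	copy(input[4:], context)
	binary.BigEndian.PutUint32(input[4+len(context):], bits) // bind output length
	var out []byte
	for i := uint32(1); i <= rounds; i++ {
		binary.BigEndian.PutUint32(input[:4], i) // counter makes each block distinct
		out = append(out, f(baseKey, input)...)
	}
	return out[:bits/8], nil
}

func main() {
	base := []byte("constructed-base-key-0123456789a") // constructed sample key
	k1, _ := deriveKey(hmacSHA256, 256, base, []byte("txn-0001"), 384)
	k2, _ := deriveKey(hmacSHA256, 256, base, []byte("txn-0002"), 384)
	fmt.Printf("%x\n%x\n", k1, k2) // two unrelated 48-byte per-transaction keys
}
```

Because the requested length is part of every PRF input, a 128-bit key derived for a context is not a prefix of the 384-bit key derived for the same context.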