Vault Secrets Exposed: Super User Access Attack Vector #shorts

BSides Frankfurt | 0:26 | 1.1K views | Published 2026-04
About this talk
A Vault instance within your environment holds all secrets. An access token allows unauthorized MFA-less access to sensitive Vault paths, leading to critical security breaches. This super user token never expires. #CyberSecurity #InfoSec #Vault #SecretsManagement #BsideFrankfurt #BSidesFRA
Transcript [en]

You got a Vault instance hosted inside of your environment. It's got access to all your secrets. That's what it does. Um, and then this access token, they find that they can access the Vault path, uh, without MFA of an application account. And now they have... now this one's red because this is a, this is a super user for this application account, never expires, and they can do anything they want to that application. But wait, there's more.