A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (Security News, April 2024)
Organizations with on-premises installations of Delinea Secret Server are urged to update them immediately to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract stored secrets.
Delinea Secret Server is a privileged access management solution "For the modern, hybrid enterprise".
On Saturday, the company said it was aware of the vulnerability in the Secret Server SOAP API and was mitigating it by blocking the SOAP endpoints for Secret Server Cloud customers until the cloud service could be patched, which it did the same day.
On Sunday, Delinea released a new version of Secret Server On-Premises that fixes the flaw, and promised patches for prior versions as soon as testing is completed.
"Any access over Webservices will result in an audit record. Please investigate any secrets with atypical audit history or patterns: confirm if any Secret Server user is using the old Secret Server mobile application, and investigate the IP address, time of access, and users accessing secrets recorded on the audit record," Delinea advised.
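The advice above boils down to a triage pass over the audit trail: isolate web-service (SOAP) access, then look for source IPs, access times and user/secret pairings that do not match normal usage, and for one source pulling many secrets in quick succession. The script below is an added example written for this page, not Delinea's code or anything from the article. It assumes a hypothetical CSV export with the columns time,user,secret,action,channel,ip (real Secret Server exports use their own column names and will need adapting); the trusted network prefixes, business-hours window and the sample audit rows are all constructed for the example.

```python
"""Triage a Secret Server audit export for atypical web-service access.

Added example. Column names, trusted networks, business hours and the
sample rows below are assumptions, not Delinea's format or data.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample export: a baseline of ordinary UI access, followed by
# the kind of Webservices access the advisory asks admins to investigate.
SAMPLE_AUDIT_CSV = """time,user,secret,action,channel,ip
2024-04-08T09:12:00Z,alice,db-prod-root,View,WebUI,10.0.1.15
2024-04-08T14:30:00Z,alice,db-prod-root,View,WebUI,10.0.1.15
2024-04-09T10:05:00Z,bob,backup-svc,View,WebUI,10.0.1.22
2024-04-10T11:47:00Z,alice,db-prod-root,View,WebUI,10.0.1.15
2024-04-12T03:14:00Z,alice,db-prod-root,View,Webservices,203.0.113.7
2024-04-12T03:15:00Z,alice,backup-svc,View,Webservices,203.0.113.7
2024-04-12T03:15:30Z,alice,domain-admin,View,Webservices,203.0.113.7
2024-04-12T10:00:00Z,bob,backup-svc,View,Webservices,10.0.1.22
"""

TRUSTED_NETS = ("10.0.",)        # assumption: corporate address space
BUSINESS_HOURS = range(7, 20)    # assumption: 07:00-19:59 UTC


def parse_audit(text):
    """Read the hypothetical CSV export and parse timestamps as UTC."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["time"] = datetime.strptime(
            r["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rows


def build_baseline(rows):
    """Map each secret to the users who normally touch it via non-SOAP channels."""
    baseline = defaultdict(set)
    for r in rows:
        if r["channel"] != "Webservices":
            baseline[r["secret"]].add(r["user"])
    return baseline


def flag_webservice_access(rows, trusted_nets=TRUSTED_NETS,
                           business_hours=BUSINESS_HOURS):
    """Return Webservices accesses that look atypical, with the reasons."""
    baseline = build_baseline(rows)
    findings = []
    for r in rows:
        if r["channel"] != "Webservices":
            continue
        reasons = []
        if not r["ip"].startswith(trusted_nets):
            reasons.append("untrusted source IP")
        if r["time"].hour not in business_hours:
            reasons.append("outside business hours")
        if r["user"] not in baseline.get(r["secret"], set()):
            reasons.append("user never accessed this secret via UI")
        if reasons:
            findings.append({
                "secret": r["secret"], "user": r["user"], "ip": r["ip"],
                "time": r["time"].isoformat(), "reasons": reasons,
            })
    return findings


def burst_sources(rows, window_seconds=300, min_secrets=3):
    """Find source IPs that pulled many distinct secrets over SOAP in a short window.

    Rapid enumeration of secrets from one address is the pattern that
    follows an auth bypass; returns {ip: distinct secrets in the window}.
    """
    by_ip = defaultdict(list)
    for r in rows:
        if r["channel"] == "Webservices":
            by_ip[r["ip"]].append(r)
    bursts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["time"])
        for i, start in enumerate(events):
            window = {e["secret"] for e in events[i:]
                      if (e["time"] - start["time"]).total_seconds() <= window_seconds}
            if len(window) >= min_secrets:
                bursts[ip] = len(window)
                break
    return bursts


if __name__ == "__main__":
    audit = parse_audit(SAMPLE_AUDIT_CSV)
    for f in flag_webservice_access(audit):
        print(f"{f['time']} {f['user']:>6} {f['secret']:<14} {f['ip']:<13} "
              + "; ".join(f["reasons"]))
    print("burst sources:", burst_sources(audit))
```

Against the constructed rows this flags the three 03:14-03:15 accesses from 203.0.113.7 (untrusted address, off hours, and for two of them a user with no UI history on that secret) and reports that address as a burst source, while bob's daytime SOAP read of a secret he normally uses passes. The baseline is deliberately built only from non-Webservices rows: once the SOAP channel is suspect, its own history should not be used to define "normal".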
Security researcher Kevin Beaumont said that Friday's temporary unavailability of Delinea's Secret Server Cloud was due to a blog post published by security engineer Johnny Yu on Wednesday.
News URL
https://www.helpnetsecurity.com/2024/04/15/delinea-secret-server-vulnerability/