A critical vulnerability in Delinea Secret Server allows auth bypass, admin access
2024-04-15 11:46

Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets.

Delinea Secret Server is a privileged access management solution "For the modern, hybrid enterprise".

On Saturday, the company explained that they were aware of the vulnerability in the Secret Server SOAP API and were dealing with the situation by blocking SOAP endpoints for Secret Server Cloud customers, until they can patch the cloud service - which they did on the same day.

On Sunday, Delinea released Secret Server On-Premises, which fixes the flaw, and promised patches for prior versions as soon as testing is completed.

"Any access over Webservices will result in an audit record. Please investigate any secrets with atypical audit history or patterns: confirm if any Secret Server user is using the old Secret Server mobile application, and investigate the IP address, time of access, and users accessing secrets recorded on the audit record," Delinea advised.
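Delinea's advice above amounts to a log triage task: pull the audit records for accesses made over web services and flag the ones whose user, source IP or time of day does not fit that user's history. The script below is an added example written for this page, not Delinea's code, and it uses a constructed, simplified record schema (`timestamp|user|secret_id|source_ip|channel|action`) rather than Secret Server's real audit export; the sample records, user names and IP addresses are all made up. It compares a window under investigation against a known-good baseline and reports, per secret, why an access looks atypical.

```python
"""Triage of privileged-vault audit records for atypical web-service access.

Added example for this article, not Delinea's code. The record format is an
assumed, simplified schema; map the real audit export's columns onto it.
"""
from datetime import datetime

# Constructed known-good history, one record per line (assumed schema).
BASELINE_LOG = """\
2024-03-20T09:12:00|alice|1001|10.0.0.12|WebUI|VIEW
2024-03-21T10:05:00|alice|1002|10.0.0.12|WebUI|VIEW
2024-03-22T14:30:00|bob|2001|10.0.0.40|Webservices|VIEW
2024-03-25T08:45:00|bob|2001|10.0.0.40|Webservices|VIEW
""".splitlines()

# Constructed records from the period under investigation.
WINDOW_LOG = """\
2024-04-11T09:20:00|alice|1001|10.0.0.12|WebUI|VIEW
2024-04-12T02:17:00|alice|1003|203.0.113.9|Webservices|VIEW
2024-04-12T02:18:00|alice|1004|203.0.113.9|Webservices|VIEW
2024-04-12T11:00:00|bob|2001|10.0.0.40|Webservices|VIEW
2024-04-13T03:40:00|svc-backup|3001|198.51.100.7|Webservices|VIEW
""".splitlines()


def parse_record(line):
    """Split one pipe-delimited audit line into a dict with a parsed timestamp."""
    ts, user, secret_id, ip, channel, action = line.strip().split("|")
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "secret_id": secret_id, "ip": ip, "channel": channel, "action": action}


def build_baseline(lines):
    """Per user: the source IPs and access channels seen in the known-good period."""
    baseline = {}
    for rec in map(parse_record, lines):
        entry = baseline.setdefault(rec["user"], {"ips": set(), "channels": set()})
        entry["ips"].add(rec["ip"])
        entry["channels"].add(rec["channel"])
    return baseline


def triage(baseline_lines, window_lines, business_hours=(7, 19)):
    """Return one finding per window record that deviates from the baseline.

    A record is flagged when it came in over web services from an IP the user
    never used before, over a channel the user never used before, from a user
    with no history at all, or outside the given business hours.
    """
    baseline = build_baseline(baseline_lines)
    start, end = business_hours
    findings = []
    for rec in map(parse_record, window_lines):
        reasons = []
        known = baseline.get(rec["user"])
        if rec["channel"] == "Webservices":
            if known is None:
                reasons.append("web-service access by user with no audit history")
            else:
                if rec["ip"] not in known["ips"]:
                    reasons.append(f"web-service access from IP never seen for user ({rec['ip']})")
                if "Webservices" not in known["channels"]:
                    reasons.append("user has never accessed secrets over web services before")
        if not start <= rec["ts"].hour < end:
            reasons.append(f"access outside business hours ({rec['ts'].isoformat()})")
        if reasons:
            findings.append({"secret_id": rec["secret_id"], "user": rec["user"],
                             "ip": rec["ip"], "ts": rec["ts"], "reasons": reasons})
    return findings


def flagged_secrets(findings):
    """Sorted, de-duplicated list of secret ids that need a closer look."""
    return sorted({f["secret_id"] for f in findings})


if __name__ == "__main__":
    for f in triage(BASELINE_LOG, WINDOW_LOG):
        print(f"secret {f['secret_id']} user={f['user']} ip={f['ip']} at {f['ts']}")
        for r in f["reasons"]:
            print(f"    - {r}")
    print("secrets to investigate:", flagged_secrets(triage(BASELINE_LOG, WINDOW_LOG)))
```

With the constructed data, Bob's daytime web-service access from his usual IP is left alone, while Alice's 02:17 accesses from a never-before-seen address and the previously unseen `svc-backup` account are reported with the reasons attached, which is the shortlist a responder would then check against who is actually using the old mobile application or an integration that legitimately calls the API.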

Security researcher Kevin Beaumont said that Friday's temporary unavailability of Delinea's Secret Server Cloud was due to a blog post published by security engineer Johnny Yu on Wednesday.


News URL

https://www.helpnetsecurity.com/2024/04/15/delinea-secret-server-vulnerability/