A critical vulnerability in Delinea Secret Server allows auth bypass, admin access
Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets.
Delinea Secret Server is a privileged access management solution "For the modern, hybrid enterprise".
On Saturday, the company said it was aware of the vulnerability in the Secret Server SOAP API and was blocking SOAP endpoints for Secret Server Cloud customers until it could patch the cloud service, which it did the same day.
On Sunday, Delinea released Secret Server On-Premises, which fixes the flaw, and promised patches for prior versions as soon as testing is completed.
"Any access over Webservices will result in an audit record. Please investigate any secrets with atypical audit history or patterns: confirm if any Secret Server user is using the old Secret Server mobile application, and investigate the IP address, time of access, and users accessing secrets recorded on the audit record," Delinea advised.
Security researcher Kevin Beaumont said that Friday's temporary unavailability of Delinea's Secret Server Cloud was due to a blog post published by security engineer Johnny Yu on Wednesday.
News URL
https://www.helpnetsecurity.com/2024/04/15/delinea-secret-server-vulnerability/