Delinea Secret Server PAM has a critical vulnerability allowing authentication bypass
Take action: If you run Delinea Secret Server on-premises, patch as soon as possible. The server should already be restricted to trusted networks; confirm it is not reachable from the internet, then patch.
Learn More
Delinea has disclosed a critical vulnerability in Secret Server, its privileged access management (PAM) product, that allows attackers to bypass authentication and gain administrative access.
The vulnerability was discovered by researcher Johnny Yu and affects both on-premises and cloud deployments of Secret Server. Yu published the details on April 10 after unsuccessful attempts to disclose them to Delinea directly. The core finding is an authentication bypass: an API token is protected with a hardcoded key, so an attacker who extracts that key from the product can deserialize and forge a token and assume administrator privileges.
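The following is an added illustration of the bug class described above, not Delinea's code and not Secret Server's real token format. It uses a constructed toy token (base64url JSON body plus an HMAC-SHA256 tag) to show why a key shipped inside the product is fatal: anyone who recovers the key can decode a low-privilege token, promote it, and re-authenticate it, and the server cannot tell the difference. The hardened variant keeps the same format but derives the key per installation at deploy time, so a token built with the shipped key is rejected. Names such as `HARDCODED_KEY` and `issue_token` are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Toy token format (constructed for this example, not Secret Server's real format):
#   base64url(JSON payload) + "." + hex(HMAC-SHA256 over the base64 body)

# Anti-pattern modelled on the advisory: the same key is compiled into every
# installation, so extracting it once from the binaries unlocks every deployment.
HARDCODED_KEY = b"example-key-shipped-in-every-install"


def issue_token(payload: dict, key: bytes) -> str:
    """Serialize a payload and authenticate it with HMAC-SHA256 under `key`."""
    body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()
    ).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_token(token: str, key: bytes):
    """Return the deserialized payload if the tag verifies under `key`, else None."""
    try:
        body, tag = token.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, UnicodeDecodeError):
        return None


def forge_admin_token(low_priv_token: str, leaked_key: bytes) -> str:
    """Attacker step: deserialize a legitimate low-privilege token with the leaked
    key, promote the role, and re-authenticate it with the same key."""
    payload = verify_token(low_priv_token, leaked_key)
    if payload is None:
        raise ValueError("leaked key did not verify the token")
    payload["role"] = "admin"
    return issue_token(payload, leaked_key)


def vulnerable_server_accepts_forgery() -> bool:
    """Server using the hardcoded key: the forged token verifies and grants admin."""
    legit = issue_token({"user": "reader", "role": "read-only"}, HARDCODED_KEY)
    forged = forge_admin_token(legit, HARDCODED_KEY)
    result = verify_token(forged, HARDCODED_KEY)
    return result is not None and result["role"] == "admin"


def hardened_server_accepts_forgery() -> bool:
    """Server using a random per-installation key generated at deploy time.
    The attacker still holds only the key baked into the product, so the best
    they can do is mint a token under that key, which the server rejects."""
    install_key = secrets.token_bytes(32)  # generated per deployment, never shipped
    forged = issue_token({"user": "attacker", "role": "admin"}, HARDCODED_KEY)
    result = verify_token(forged, install_key)
    return result is not None and result["role"] == "admin"


if __name__ == "__main__":
    print("vulnerable server accepts forged admin token:", vulnerable_server_accepts_forgery())
    print("hardened server accepts forged admin token:  ", hardened_server_accepts_forgery())
```

The point of the contrast is that the token format itself is not the problem; the key management is. A key that is identical in every shipped copy is effectively public once one copy has been reverse engineered, which is why the fix for this class of issue is a per-deployment secret, not a better encoding.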
Delinea experienced a seven-hour outage on April 12, which the company attributed to a security incident. It released the patch on April 13.
The issue is fixed in the latest version of Secret Server (11.7.000001). Delinea states that it has no evidence the vulnerability was exploited before the fix was released. Delinea Platform and Secret Server Cloud have already been patched and are no longer vulnerable.
Delinea has since conducted reviews to confirm that no customer data was compromised and continues to monitor the situation.
Customers with on-premises installations must update to the latest version immediately to secure their systems.