Delinea Secret Server customers should apply latest patches

April 15, 2024 at 10:07AM

Delinea’s Secret Server customers are urged to upgrade installations immediately due to a critical vulnerability discovered by researcher Johnny Yu. The vulnerability allows attackers to gain admin-level access, putting account credentials at risk. Delinea fixed the vulnerability but did not credit Yu, leading to concerns about transparency. The incident also caused service disruptions.

Key takeaways:
– Customers using Delinea’s Secret Server are advised to upgrade their installations immediately due to a critical vulnerability discovered by researcher Johnny Yu.
– The vulnerability affects both on-prem and cloud deployments of Secret Server, potentially allowing attackers to gain admin-level access and compromise account credentials.
– Delinea has fixed the vulnerability in the latest version (11.7.000001) but did not credit Yu by name with the discovery.
– Delinea claims there is no evidence to suggest the vulnerability was exploited before the fix, assuring customers that their data is believed to be safe.
– The release of the fixed version followed a seven-hour service outage that occurred a day earlier. Infosec expert Kevin Beaumont believes the disruption was related to the disclosed vulnerability.
– Yu’s disclosure timeline indicates he tried to report the vulnerability to Delinea in February but was initially unable to open a case since he was not a paying customer or affiliated with one.
– Delinea allegedly failed to respond to Yu’s responsible disclosure attempts, prompting him to go public two days before Delinea’s patch release.
