Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

April 16, 2024 at 06:48AM

Privileged access management provider Delinea rushed to patch a critical authentication bypass vulnerability in its Secret Server SOAP API. Despite attempts at responsible disclosure, the company initially ignored researcher Johnny Yu’s findings. Delinea has since released patches for its platforms and assured customers that their data has not been compromised. No CVE identifier has been assigned yet.

Key Takeaways from the Meeting Notes:
1. Delinea, a Privileged Access Management (PAM) solutions provider, faced a critical vulnerability in the Secret Server SOAP API, which was responsibly disclosed by researcher Johnny Yu.
2. Delinea initially prevented exploitation by blocking impacted SOAP endpoints for Secret Server Cloud customers and released indicators of compromise (IoCs) to help customers detect potential exploitation attempts.
3. The company subsequently released patches for Delinea Platform, Secret Server Cloud, and Secret Server On-Premises to address the vulnerability.
4. The technical details of the vulnerability and proof-of-concept (PoC) code were made public by researcher Johnny Yu on April 12, after unsuccessful attempts to responsibly disclose the findings to Delinea since February 12.
5. Delinea clarified that no evidence of compromised tenant data has been found, and it is working closely with on-premises customers to provide remediation steps.
6. Delinea emphasized that customer security is a priority and committed to providing updates on the situation at trust.delinea.com.

These takeaways can serve as a basis for further action items and communication regarding Delinea’s response to the vulnerability and the implications for customers.
