Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

June 13, 2024 at 01:25PM A proof-of-concept exploit for Veeam Recovery Orchestrator vulnerability tracked as CVE-2024-29855 has been released by security researcher Sina Kheirkha. The exploit allows unauthenticated access to the web UI with administrative privileges due to a hardcoded JWT secret. Veeam’s security bulletin suggests upgrading to patched versions and provides conditions required to … Read more