From 9868b46de357740359289d60af671b9741d7c577 Mon Sep 17 00:00:00 2001 From: Ryan <accounts+github@ryanwarnock.me> Date: Mon, 29 Apr 2024 14:51:50 +0800 Subject: [PATCH 1/2] Secret Server auth bypass advisory --- .../20240429003-SercretServer-Auth-ByPass.md | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 docs/advisories/20240429003-SercretServer-Auth-ByPass.md diff --git a/docs/advisories/20240429003-SercretServer-Auth-ByPass.md b/docs/advisories/20240429003-SercretServer-Auth-ByPass.md new file mode 100644 index 000000000..bec098328 --- /dev/null +++ b/docs/advisories/20240429003-SercretServer-Auth-ByPass.md 
@@ -0,0 +1,27 @@ +# Delinea Secret Server Authentication Bypass Vulnerability - 20240429003 + +## Overview + +The WA SOC has been made aware of an authentication bypass vulnerability in Delinea Secret Server. + +Delinea Secret Server versions before 11.7.000001 are vulnerable to a serious authentication bypass attack that may allow attackers to gain Admin access and to retrieve stored secrets, due to a hardcoded key used in the authentication process. Delinea is urging all on premises customers running the vulnerable versions to upgrade. + +## What is vulnerable? + +| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated | +| ------ | ------------ | ---- | ------------------- | ------- | ----- | +| [CVE-2024-33891](https://nvd.nist.gov/vuln/detail/CVE-2024-33891) | **High** | 8.8 | Delinea Secret Server **versions before** 11.7.000001| Authentication bypass vulnerabilty due to a hardcoded key. | 28/04/2024 | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. + +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 2 weeks (refer [Patch Management](../guidelines/patch-management.md)): + +- [Delinea - Trust Center Updates](https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3) + +## Additional References + +- [“All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass](https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3) From 50673781ef70e3491c38b7d20aaf9c533e3c9f58 Mon Sep 17 00:00:00 2001 From: ryan-aus <ryan-aus@users.noreply.github.com> Date: Mon, 29 Apr 2024 06:52:32 +0000 Subject: [PATCH 2/2] Format markdown docs --- docs/advisories/20240429003-SercretServer-Auth-ByPass.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/docs/advisories/20240429003-SercretServer-Auth-ByPass.md b/docs/advisories/20240429003-SercretServer-Auth-ByPass.md index bec098328..90166ec4b 100644 --- a/docs/advisories/20240429003-SercretServer-Auth-ByPass.md +++ b/docs/advisories/20240429003-SercretServer-Auth-ByPass.md @@ -8,9 +8,9 @@ Delinea Secret Server versions before 11.7.000001 are vulnerable to a serious au ## What is vulnerable? -| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated | -| ------ | ------------ | ---- | ------------------- | ------- | ----- | -| [CVE-2024-33891](https://nvd.nist.gov/vuln/detail/CVE-2024-33891) | **High** | 8.8 | Delinea Secret Server **versions before** 11.7.000001| Authentication bypass vulnerabilty due to a hardcoded key. | 28/04/2024 | +| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated | +| ----------------------------------------------------------------- | -------- | ---- | ----------------------------------------------------- | ---------------------------------------------------------- | ---------- | +| [CVE-2024-33891](https://nvd.nist.gov/vuln/detail/CVE-2024-33891) | **High** | 8.8 | Delinea Secret Server **versions before** 11.7.000001 | Authentication bypass vulnerabilty due to a hardcoded key. | 28/04/2024 | ## What has been observed?
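Review bot: In [PATCH 1/2] the new file name misspells the product, `20240429003-SercretServer-Auth-ByPass.md`; rename it to `20240429003-SecretServer-Auth-ByPass.md` before merge, because renaming after publication breaks any links to the advisory. In the same hunk, the Recommendation section only links to the vendor trust center, while the Overview already states that versions before 11.7.000001 are vulnerable. Say so explicitly in the recommendation (upgrade to 11.7.000001 or later) so a reader who jumps straight to that section gets the target version. Also "within expected timeframe of 2 weeks" should read "within the expected timeframe of 2 weeks".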
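Review bot: The realigned table row in [PATCH 2/2] still carries the misspelling "vulnerabilty" in the Summary cell; correct it to "vulnerability" in this formatting pass, since the row is being rewritten anyway. Both commits touch only the one new advisory file, so consider squashing the formatting change into [PATCH 1/2] so the advisory lands already formatted and the history shows a single change.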