From 9868b46de357740359289d60af671b9741d7c577 Mon Sep 17 00:00:00 2001
From: Ryan <accounts+github@ryanwarnock.me>
Date: Mon, 29 Apr 2024 14:51:50 +0800
Subject: [PATCH 1/2] Secret Server auth bypass advisory

---
 .../20240429003-SercretServer-Auth-ByPass.md  | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 docs/advisories/20240429003-SercretServer-Auth-ByPass.md

diff --git a/docs/advisories/20240429003-SercretServer-Auth-ByPass.md b/docs/advisories/20240429003-SercretServer-Auth-ByPass.md
new file mode 100644
index 000000000..bec098328
--- /dev/null
+++ b/docs/advisories/20240429003-SercretServer-Auth-ByPass.md
@@ -0,0 +1,27 @@
+# Delinea Secret Server Authentication Bypass Vulnerability - 20240429003
+
+## Overview
+
+The WA SOC has been made aware of an authentication bypass vulnerability in Delinea Secret Server.
+
+Delinea Secret Server versions before 11.7.000001 are vulnerable to a serious authentication bypass attack that may allow attackers to gain Admin access and to retrieve stored secrets, due to a hardcoded key used in the authentication process. Delinea is urging all on premises customers running the vulnerable versions to upgrade.
+
+## What is vulnerable?
+
+| CVE    | Severity     | CVSS | Product(s) Affected | Summary | Dated |
+| ------ | ------------ | ---- | ------------------- | ------- | ----- |
+| [CVE-2024-33891](https://nvd.nist.gov/vuln/detail/CVE-2024-33891) | **High** | 8.8  | Delinea Secret Server **versions before** 11.7.000001| Authentication bypass vulnerabilty due to a hardcoded key.       | 28/04/2024      |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 2 weeks (refer [Patch Management](../guidelines/patch-management.md)):
+
+- [Delinea - Trust Center Updates](https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3)
+
+## Additional References
+
+- [“All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass](https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3)
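Review bot: the Summary cell in the table row misspells "vulnerability" as "vulnerabilty"; suggest `| Authentication bypass vulnerability due to a hardcoded key. |`. The same row also has no space before the closing pipe after `11.7.000001`, which most renderers tolerate but which leaves the row misaligned with its header. Two wording points in the prose of this hunk: "on premises customers" should be hyphenated as "on-premises customers", and the Recommendation sentence reads better as "within the expected timeframe of 2 weeks". Finally, the new file's path spells the product as `SercretServer` (see the `create mode` and `+++` lines); consider renaming it to `20240429003-SecretServer-Auth-ByPass.md` before merge, since advisory paths are awkward to change once published and linked.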

From 50673781ef70e3491c38b7d20aaf9c533e3c9f58 Mon Sep 17 00:00:00 2001
From: ryan-aus <ryan-aus@users.noreply.github.com>
Date: Mon, 29 Apr 2024 06:52:32 +0000
Subject: [PATCH 2/2] Format markdown docs

---
 docs/advisories/20240429003-SercretServer-Auth-ByPass.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/advisories/20240429003-SercretServer-Auth-ByPass.md b/docs/advisories/20240429003-SercretServer-Auth-ByPass.md
index bec098328..90166ec4b 100644
--- a/docs/advisories/20240429003-SercretServer-Auth-ByPass.md
+++ b/docs/advisories/20240429003-SercretServer-Auth-ByPass.md
@@ -8,9 +8,9 @@ Delinea Secret Server versions before 11.7.000001 are vulnerable to a serious au
 
 ## What is vulnerable?
 
-| CVE    | Severity     | CVSS | Product(s) Affected | Summary | Dated |
-| ------ | ------------ | ---- | ------------------- | ------- | ----- |
-| [CVE-2024-33891](https://nvd.nist.gov/vuln/detail/CVE-2024-33891) | **High** | 8.8  | Delinea Secret Server **versions before** 11.7.000001| Authentication bypass vulnerabilty due to a hardcoded key.       | 28/04/2024      |
+| CVE                                                               | Severity | CVSS | Product(s) Affected                                   | Summary                                                    | Dated      |
+| ----------------------------------------------------------------- | -------- | ---- | ----------------------------------------------------- | ---------------------------------------------------------- | ---------- |
+| [CVE-2024-33891](https://nvd.nist.gov/vuln/detail/CVE-2024-33891) | **High** | 8.8  | Delinea Secret Server **versions before** 11.7.000001 | Authentication bypass vulnerabilty due to a hardcoded key. | 28/04/2024 |
 
 ## What has been observed?
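Review bot: the realigned row at the end of this hunk still carries the "vulnerabilty" typo from the original Summary cell; since this commit already rewrites all three table lines, fix the spelling here (`Authentication bypass vulnerability due to a hardcoded key.`) rather than leaving it for a third commit. The widened columns and the added space before the closing pipe after `11.7.000001` otherwise render identically to the previous table, so the rest of the change is purely cosmetic and matches the "Format markdown docs" subject. The misspelled `SercretServer` file name is also carried forward unchanged by this commit.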