On 12 April 2024, Delinea issued an advisory to address a critical authentication bypass vulnerability identified in the SOAP API component of its Secret Server product, available in both Cloud and On-Premises solutions. A threat actor could exploit this vulnerability to bypass authentication, gain administrative access, and extract sensitive information. This advisory was released in response to the initial disclosure of the vulnerability on 10 April 2024, by a security researcher who also provided a proof of concept (PoC) exploit.
The vulnerability does not yet have an assigned Common Vulnerability and Exposures (CVE) number or a Common Vulnerability Scoring System (CVSS) score. Delinea has also confirmed that it has not observed any active exploitation of this vulnerability. However, because the original disclosure includes a PoC exploit, the vulnerability is likely to draw the attention of threat actors given the malicious actions it would enable on vulnerable servers.
Recommendation
Upgrade Delinea Secret Server to Fixed Version
Arctic Wolf strongly recommends upgrading Delinea Secret Server to the fixed versions listed below.
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| Delinea Secret Server | 11.7.000000 | 11.7.000001 |
| Delinea Secret Server | 11.6.000025 and below | 11.6.000026 or 11.7.000001 |
| Delinea Secret Server | 11.5.000002 | |
| Delinea Secret Server | Older than 11.5.000002 | Download 11.5.000002, then upgrade to any of the patched versions above |
Please follow your organisation’s patching and testing guidelines to avoid operational impact.
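An added example, not from the Arctic Wolf bulletin or from Delinea, that encodes the version table above so an inventory of Secret Server instances can be triaged in one pass. It reads "11.6.000025 and below" literally (any build at or below 11.6.000025 but above 11.5.000002), leaves the 11.5.000002 row without a fixed version because the table lists none, and assumes that later builds in a patched branch carry the fix; the hostnames in the sample inventory are constructed.

```python
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]

class Triage(NamedTuple):
    status: str           # "affected", "fixed" or "unknown"
    fixed: Optional[str]  # fixed version(s) from the table, if listed
    note: str

def parse_version(text: str) -> Version:
    """Parse Delinea's dotted scheme, e.g. '11.6.000025' -> (11, 6, 25)."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Secret Server version: {text!r}")
    major, minor, build = (int(p) for p in parts)
    return (major, minor, build)

def triage(text: str) -> Triage:
    """Map an installed version onto the affected/fixed rows of the table above."""
    v = parse_version(text)
    if v < (11, 5, 2):
        return Triage("affected", "11.6.000026 or 11.7.000001",
                      "download 11.5.000002 first, then upgrade to a fixed version")
    if v == (11, 5, 2):
        # Listed as affected, but the table gives no fixed version for this row
        return Triage("affected", None, "no fixed version listed; see Delinea advisory")
    if v <= (11, 6, 25):  # reading "11.6.000025 and below" literally
        return Triage("affected", "11.6.000026 or 11.7.000001", "upgrade")
    if v == (11, 7, 0):
        return Triage("affected", "11.7.000001", "upgrade")
    if v[:2] in ((11, 6), (11, 7)):
        # Assumption: later builds in a patched branch carry the fix
        return Triage("fixed", None, "at or above the fixed build for this branch")
    return Triage("unknown", None, "not covered by the table; check vendor guidance")

def hosts_needing_action(inventory: str) -> list:
    """Return (host, version, triage) for every 'host,version' line not known fixed."""
    out = []
    for line in inventory.strip().splitlines():
        host, version = (s.strip() for s in line.split(",", 1))
        t = triage(version)
        if t.status != "fixed":
            out.append((host, version, t))
    return out

# Constructed sample inventory (hostnames are made up for this example)
SAMPLE_INVENTORY = """ss-prod-01,11.7.000000
ss-prod-02,11.7.000001
ss-dr-01,11.6.000020
ss-lab-01,11.4.000009"""
```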
References
- Delinea Customer Email
- Delinea Advisory
- Delinea Knowledge Base Article (Remediating Vulnerability Guidance)
  - Note: Originally this was publicly accessible, but it now requires a customer login.
- Security Researcher Blog Post (Original Disclosure)