PAM provider Delinea, aka Thycotic, had a quiet 5-hour-long disruption due to a security incident.

They now have maintenance running for their Secret Server product.

“An endpoint containing a security concern has been identified.”

HT to @matdef

#threatintel

The So What is Delinea Secret Server holds user and system account credentials for orgs; it’s like CyberArk.

Delinea have published IoCs for a security incident in Delinea Secret Server Cloud aka Thycotic. It’s behind a paywall. It’s a vulnerability in their SOAP implementation. No CVE has been assigned, presumably because cloud service. #threatintel

https://support.delinea.com/s/article/KB-010572-How-do-I-remediate-Secret-Server-in-reference-to-the-Secret-Server-SOAP-vulnerability

Oh boy. Apparently things are not good at Delinea around Thycotic. I just checked and the cloud version appears to be patched for this - after security incident.

https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3

#threatintel

“All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass

@GossiTheDog not the sort of response you want from a PAM vendor…or any vendor tbh! Question is was it already being exploited…

@GossiTheDog The way they handled the disclosure was not very trustworthy, imho.