CVE-2024-25650 in PAM Secret Serverinfo

Zusammenfassung

von MITRE • 14.03.2024

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservieren

09.02.2024

Veröffentlichung

14.03.2024

Moderieren

akzeptiert

Eintrag

VDB-256817

CPE

bereit

EPSS

0.00250

KEV

nein

Aktivitäten

very low

Quellen

Want to stay up to date on a daily basis?

Enable the mail alert feature now!