CVE-2024-25650 in PAM Secret Serverinformation

Résumé

par MITRE • 14/03/2024

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Réserver

09/02/2024

Divulgation

14/03/2024

Modérer

accepté

Entrée

VDB-256817

CPE

prêt

EPSS

0.00250

KEV

non

Activités

très faible

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!