CVE-2024-25650

Name of the Vulnerable Software and Affected Versions Delinea PAM Secret Server version 11.4 Distributed Engine version 8.4.3

Description The issue allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the "/pre-authenticate", "/authenticate", and "/execute-and-respond" REST API endpoints. This enables the administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges without being audited in the application.

Recommendations For Delinea PAM Secret Server version 11.4, consider disabling access to the "/pre-authenticate", "/authenticate", and "/execute-and-respond" REST API endpoints until a patch is available. For Distributed Engine version 8.4.3, restrict the use of the Symmetric Key to minimize the risk of exploitation. Avoid using crafted payloads to the vulnerable API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.