CVE-2024-25651

Name of the Vulnerable Software and Affected Versions Delinea PAM Secret Server version 11.4

Description User enumeration can occur in the Authentication REST API, allowing a remote attacker to determine whether a user is valid due to a difference in responses from the "/oauth2/token" endpoint.

Recommendations For Delinea PAM Secret Server version 11.4, consider restricting access to the "/oauth2/token" endpoint until a patch is available. As a temporary workaround, review and modify the Authentication REST API to prevent user enumeration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.