CVE-2024-25650
Published Mar 14, 2024
Last updated 8 months ago
Overview
- Description
- Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
Social media
- Hype score
- Not currently trending