Delinea, a privileged access management solutions provider, faced a critical security incident involving an authentication bypass vulnerability in the Secret Server SOAP API. The company initially responded by blocking the affected SOAP endpoints for Secret Server Cloud customers and releasing indicators of compromise (IoCs) to aid detection. However, it was later revealed that Delinea had disregarded attempts by researcher Johnny Yu to responsibly disclose the vulnerability for weeks before taking action.
Despite Delinea’s efforts to rectify the situation by releasing patches for both Delinea Platform and Secret Server Cloud, concerns were raised about the delayed response to the researcher’s disclosure attempts. Yu had been attempting to communicate his findings to Delinea since February 12, but his efforts were reportedly ignored, prompting him to publicly disclose the technical details of the vulnerability on April 12.
Delinea’s handling of the disclosure process has come under scrutiny, with questions raised about its responsiveness to security reports and its communication with researchers. Although the company has stated that it found no evidence of compromised customer data and has reassured customers of ongoing monitoring and updates, the incident underscores the importance of prompt and effective vulnerability management in safeguarding against potential threats.