Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Delinea PAM Secret Server 安全漏洞
Vulnerability Description
Delinea PAM Secret Server是Delinea公司的一款密钥服务管理器。 Delinea PAM Secret Server 11.4版本存在安全漏洞,该漏洞源于存在不安全的密钥交换,允许管理员通过精心设计的载荷获取对称密钥和敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A