logo

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)

Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to the virtual appliance.

CVE-2024-45488

“Once an attacker has gained an authenticated administrative session on the appliance, they can carry out any action that a legitimate administrator user would be capable of. This includes the ability to reconfigure settings on the appliance, or modify policies to allow extraction of passwords stored in managed accounts or personal vaults,” AmberWolf researchers have explained.

“If the appliance is configured to use the default backup encryption setting (which uses a hardcoded RSA key), then the attacker can also download and decrypt a copy of any appliance backups.”

About CVE-2024-45488

One Identity Safeguard for Privileged Passwords is a solution that “automates, controls and secures the process of granting privileged credentials with role-based access management and automated work flows.”

CVE-2024-45488 (aka “Skeleton Cookie”) arises from the presence of a hard-coded cryptographic key in SPP virtual appliance images, which could be used by attackers to forge session cookies.

The easy-to-understand write-up by researchers David Cash and Richard Warren details the discovery of the vulnerability and includes a video demo of their exploit in action.

Is your virtual appliance vulnerable?

After the researchers shared their findings, One Identity confirmed that the vulnerability does not impact deployments running on physical appliances, hosted in Azure, AWS, OCI or other officially supported cloud platforms – just Safeguard for Privileged Passwords hosted on VMware or HyperV.

Users have been advised to upgrade to Safeguard for Privileged Passwords 7.0.5.1 LTS, 7.4.2 or 7.5.2, which contain the fix.

AmberWolf researchers have also released a script users can check whether their instance is vulnerable to CVE-2024-45488 exploitation.

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

Mysterious "LOVE" packet storms flood the internet since 2020

Free security scan for your website

Top News:

Truist Bank confirms breach after stolen data shows up on hacking forum

Truist Bank confirms breach after stolen data shows up on hacking forum

 June 14, 2024
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

 October 30, 2024
Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

 November 4, 2024
CISA proposes new security requirements to protect govt, personal data

CISA proposes new security requirements to protect govt, personal data

 October 23, 2024
Microsoft SharePoint RCE bug exploited to breach corporate network

Microsoft SharePoint RCE bug exploited to breach corporate network

 November 2, 2024
Google patches actively exploited Android vulnerability (CVE-2024-43093)

Google patches actively exploited Android vulnerability (CVE-2024-43093)

 November 5, 2024