CVE-2021-34679

10.0 CRITICAL

📋 TL;DR

Thycotic Password Reset Server versions before 5.3.0 allow credential disclosure. This affects organizations that use the product for self-service Active Directory password resets. Because the disclosed credentials can include those of privileged accounts, and the reset service itself can change passwords on other accounts, a successful attack can compromise both the reset system and the directory it serves.

💻 Affected Systems

Products:
  • Thycotic Password Reset Server
Versions: All versions before 5.3.0
Operating Systems: Windows Server (primary deployment platform)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments of Thycotic Password Reset Server prior to version 5.3.0 regardless of configuration.

📦 What is this software?

Thycotic Password Reset Server (PRS) is a self-service password reset and account unlock product for Active Directory users. It runs as a web application on Windows Server (IIS) with a SQL Server backend, and it holds directory credentials with sufficient rights to reset user passwords, which is why credential disclosure in this product carries directory-wide impact.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the password reset infrastructure, leading to credential theft, privilege escalation, and lateral movement across the network.

🟠 Likely Case: Unauthorized access to password reset functionality, allowing attackers to reset passwords for privileged accounts and gain administrative access.

🟢 If Mitigated: Limited exposure if the system is isolated with strict network controls and monitoring, but the credential disclosure risk remains until the patch is applied.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can directly exploit to steal credentials and compromise systems.
🏢 Internal Only: HIGH - Even internally, this allows credential disclosure that could lead to privilege escalation and lateral movement.

🎯 Exploit Status

Public PoC: No (none identified at time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A 10.0 base score implies an attack that is reachable over the network, low in complexity, and requires neither privileges nor user interaction. No public exploit code has been identified, but treat the absence of a PoC as missing evidence rather than as proof the flaw is hard to exploit; patch on the score, not on PoC availability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.3.0

Vendor Advisory: https://docs.thycotic.com/prs/5.3.0/release-notes/5.3.0.md

Restart Required: Yes

Instructions:

  1. Back up the current configuration and data.
  2. Download Thycotic Password Reset Server 5.3.0 (or later) from the official vendor portal.
  3. Run the installer and follow the upgrade wizard.
  4. Restart the Password Reset Server service.
  5. Verify functionality post-upgrade: confirm the reported version and run a test password reset.

🔧 Temporary Workarounds

Network Isolation (applies to: all affected versions)

Restrict network access to the Password Reset Server to only the administrative systems that need it.

Configure firewall rules to limit inbound connections to specific IP ranges.
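One way to apply the firewall workaround above on the PRS host itself, as an added example for this page rather than vendor guidance. It uses the Windows Firewall NetSecurity cmdlets; the port (443), the rule name and the admin ranges are assumptions to replace with your own values.

```powershell
# Added example for this page, not Thycotic guidance. Scopes inbound access to the
# Password Reset Server web port to named admin ranges using the Windows Firewall
# NetSecurity cmdlets on the PRS host. ASSUMPTIONS: PRS listens on TCP 443 and the
# rule name and admin ranges below are placeholders; replace them with your own.
$RuleName      = 'PRS-Admin-Only-Inbound'
$PrsPort       = 443
$AllowedRanges = @('10.10.20.0/24', '10.10.30.5')   # assumed jump-host subnet and one admin workstation

# Default-deny inbound on every profile so that only explicit Allow rules matter.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# Recreate the scoped Allow rule so the script is safe to re-run.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort $PrsPort -RemoteAddress $AllowedRanges -Action Allow -Profile Any | Out-Null

# Windows Firewall lets Block rules override Allow rules, so a blanket Block on the
# port would also cut off the admins above. Instead, rely on the default-deny and
# list every other enabled inbound Allow rule that still opens the exact port
# (for example the built-in IIS HTTPS rule) so you can disable it with
# Set-NetFirewallRule -Enabled False. Rules using a port range or 'Any' are not
# matched here and need a manual review.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq $PrsPort } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and
                   $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName } |
    Select-Object DisplayName, Profile, Enabled |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the PRS host. Host-based rules are a supplement to, not a replacement for, restricting the server at the network edge, since an attacker who already has code execution on the host can change them.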

Enhanced Monitoring (applies to: all affected versions)

Implement strict logging and alerting for authentication and password reset activities.

Enable verbose logging in the Thycotic Password Reset Server configuration.

🧯 If You Can't Patch

  • Immediately isolate the Password Reset Server from internet and restrict internal network access
  • Implement multi-factor authentication for all administrative access and monitor for suspicious password reset activities

🔍 How to Verify

Check if Vulnerable:

Read the installed Thycotic Password Reset Server version from the administrative console or from the installed programs list on the Windows host; any version below 5.3.0 is affected.

Check Version:

Check the 'About' section in the Thycotic Password Reset Server web interface, or examine the installed programs list (Programs and Features) on the Windows server.

Verify Fix Applied:

Confirm the version shown in the administrative interface is 5.3.0 or later, then run a test password reset to confirm the service still works after the upgrade.
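The version check above, scripted for the Windows host as an added example (not Thycotic code). It reads the product's uninstall registry entry and compares the recorded version with 5.3.0. The assumption is that the product registers an uninstall entry whose DisplayName contains "Password Reset Server"; if it does not, use the About page in the web interface instead.

```powershell
# Added example for this page, not Thycotic code. Reads the installed Password Reset
# Server version from the Windows uninstall registry keys and compares it with
# 5.3.0, the first fixed release. ASSUMPTION: the product registers an uninstall
# entry whose DisplayName contains "Password Reset Server"; if it does not, fall
# back to the About page in the web interface.
function Test-PrsVulnerable {
    param(
        [version]$FixedVersion = [version]'5.3.0',
        [string]$NamePattern   = '*Password Reset Server*'
    )

    $UninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    $Entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern -and $_.DisplayVersion }

    if (-not $Entries) {
        Write-Warning "No uninstall entry matching '$NamePattern'; check the About page in the PRS web interface."
        return
    }

    foreach ($Entry in $Entries) {
        try {
            # [version] accepts up to four dotted numeric parts (e.g. 5.2.0.1234).
            $Installed = [version]$Entry.DisplayVersion
        } catch {
            Write-Warning "Cannot parse version '$($Entry.DisplayVersion)' for $($Entry.DisplayName)"
            continue
        }

        [pscustomobject]@{
            Product          = $Entry.DisplayName
            InstalledVersion = $Installed
            FixedVersion     = $FixedVersion
            Vulnerable       = ($Installed -lt $FixedVersion)
            InstallLocation  = $Entry.InstallLocation
        }
    }
}

# Usage: flag the host if any matching install is below 5.3.0.
$Results = Test-PrsVulnerable
$Results | Format-Table -AutoSize
if ($Results | Where-Object Vulnerable) {
    Write-Output 'CVE-2021-34679: upgrade to Password Reset Server 5.3.0 or later.'
}
```

Because the comparison uses [version] rather than string comparison, a build such as 5.10.0 is correctly treated as newer than 5.3.0. Run the function through Invoke-Command against a list of hosts if PRS is deployed on more than one server.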

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Multiple failed login attempts followed by successful access
  • Password reset requests from unexpected sources

Network Indicators:

  • Unusual traffic patterns to Password Reset Server port
  • Connection attempts from unauthorized IP addresses

SIEM Query:

source="thycotic_prs" AND (event_type="authentication" OR event_type="password_reset") | stats count by src_ip, user

The source and field names above are placeholders in Splunk-style syntax; map them to however the PRS application logs and the IIS access logs are ingested in your SIEM. Baseline the normal per-IP counts first so that a burst of reset requests from one source, or any request from an address outside the administrative ranges, stands out.
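The same "count by source IP" logic run offline over a handful of log lines, as an added example for this page (not Thycotic code and not a real PRS log format). It assumes PRS is served by IIS with W3C logging, that the reset endpoint is '/PasswordReset/ResetPassword.aspx', and that the allowed ranges and burst threshold are placeholders to tune; the sample log lines are constructed for the example, with the 203.0.113.44 lines modelling a burst from outside the allowlist.

```powershell
# Added example for this page, not Thycotic code or a real PRS log format. Runs the
# page's "count by source IP" idea offline over constructed IIS-style W3C log lines
# and flags source IPs that are outside an allowlist or that issue an unusual number
# of reset requests. ASSUMPTIONS: PRS is served by IIS with W3C logging, the reset
# endpoint path is '/PasswordReset/ResetPassword.aspx', and the allowed ranges and
# burst threshold are placeholders to tune for your environment.

function ConvertTo-IPv4Int {
    param([string]$Address)
    $Value = [int64]0
    foreach ($Byte in ([ipaddress]$Address).GetAddressBytes()) { $Value = $Value * 256 + $Byte }
    $Value
}

function Test-IPv4InCidr {
    param([string]$Ip, [string]$Cidr)
    $Network, $Bits = $Cidr -split '/'
    if (-not $Bits) { $Bits = 32 }                      # a bare address means /32
    # 4294967295 is 0xFFFFFFFF as a decimal literal; the hex literal would parse as Int32 -1.
    $Mask = ([int64]4294967295 -shl (32 - [int]$Bits)) -band [int64]4294967295
    ((ConvertTo-IPv4Int $Ip) -band $Mask) -eq ((ConvertTo-IPv4Int $Network) -band $Mask)
}

# Constructed sample log lines (W3C fields reduced to the ones used here).
$SampleLog = @'
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2021-07-01 08:00:01 10.10.20.15 GET /PasswordReset/Default.aspx 200
2021-07-01 08:00:05 10.10.20.15 POST /PasswordReset/ResetPassword.aspx 200
2021-07-01 08:01:10 203.0.113.44 POST /PasswordReset/ResetPassword.aspx 200
2021-07-01 08:01:12 203.0.113.44 POST /PasswordReset/ResetPassword.aspx 200
2021-07-01 08:01:14 203.0.113.44 POST /PasswordReset/ResetPassword.aspx 200
2021-07-01 08:02:00 10.10.30.5 GET /PasswordReset/Default.aspx 200
'@

function Find-SuspiciousResetSources {
    param(
        [string[]]$LogLines,
        [string[]]$AllowedRanges = @('10.10.20.0/24', '10.10.30.0/24'),   # assumed admin/user ranges
        [string]$ResetPath       = '/PasswordReset/ResetPassword.aspx',   # assumed reset endpoint
        [int]$BurstThreshold     = 3
    )

    # Parse the W3C lines, skipping the '#' header lines and blanks.
    $Events = foreach ($Line in $LogLines) {
        if ($Line -match '^\s*(#|$)') { continue }
        $F = $Line -split '\s+'
        [pscustomobject]@{ Time = "$($F[0]) $($F[1])"; SrcIp = $F[2]; Method = $F[3]; Uri = $F[4]; Status = $F[5] }
    }

    # Equivalent of "stats count by src_ip", with the allowlist and burst checks applied per source.
    $Events | Group-Object SrcIp | ForEach-Object {
        $Ip          = $_.Name
        $Resets      = @($_.Group | Where-Object { $_.Method -eq 'POST' -and $_.Uri -eq $ResetPath })
        $InAllowlist = [bool]($AllowedRanges | Where-Object { Test-IPv4InCidr -Ip $Ip -Cidr $_ })
        [pscustomobject]@{
            SrcIp       = $Ip
            Requests    = $_.Count
            ResetPosts  = $Resets.Count
            InAllowlist = $InAllowlist
            Suspicious  = (-not $InAllowlist) -or ($Resets.Count -ge $BurstThreshold)
        }
    }
}

Find-SuspiciousResetSources -LogLines ($SampleLog -split "`r?`n") | Format-Table -AutoSize
```

To run this over real data, replace the constructed sample with Get-Content on the IIS log directory and map the field positions to the #Fields header actually written by your IIS instance, which normally has more columns than the sample. The per-source grouping is the same operation the SIEM query performs; the allowlist and burst checks are what turn the raw counts into an alert.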

🔗 References

  • Vendor release notes (fix in 5.3.0): https://docs.thycotic.com/prs/5.3.0/release-notes/5.3.0.md
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-34679