Tripwire Enterprise Faces Critical Authentication Bypass Flaw (CVE-2024-4332)

CVE-2024-4332

Fortra, a leading cybersecurity solutions provider, has issued a security advisory for Tripwire Enterprise, its flagship configuration control solution. The advisory details a critical vulnerability, CVE-2024-4332, that could allow unauthenticated attackers to bypass authentication and gain privileged access to the system’s APIs.

The flaw, rated with a CVSS score of 9.1 (critical), affects Tripwire Enterprise version 9.1.0 when configured to use LDAP/Active Directory SAML authentication with the optional “Auto-synchronize LDAP Users, Roles, and Groups” feature enabled. This configuration creates a scenario where attackers can bypass authentication if a valid username is known.

Successful exploitation of the CVE-2024-4332 vulnerability could lead to unauthorized information disclosure or modification, as attackers gain access to sensitive data and system configurations. The impact is significant, as Tripwire Enterprise is widely used across various industries to monitor and manage critical IT infrastructures.

It’s important to note that Tripwire ExpertOps, a managed service offering from Fortra, is not affected by this vulnerability. Users on versions prior to 9.1.0, or those who have not enabled the “Auto-synchronize LDAP Users, Roles, and Groups” feature, are also unaffected. Nonetheless, Fortra strongly recommends upgrading to the latest release for optimal security.

Fortra urges all Tripwire Enterprise users to upgrade to version 9.1.1 immediately to address this vulnerability. For those unable to upgrade, a temporary mitigation is to disable the “Auto-synchronize LDAP Users, Roles, and Groups” feature in the Settings manager. However, this also disables API access, making it a less desirable workaround.