Local Authentication Bypass in BeyondTrust Privileged Remote Access (PRA) Versions 22.2.x to 22.4.x

CVE-2023-23632 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.
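
The bug class described above, shown as an added example that is not BeyondTrust's code: the flawed verifier assumes the comparison length is taken from the supplied input (the advisory does not publish the actual root cause), and it sits beside a full-length constant-time check and a regression helper that lists every short guess a verifier wrongly accepts. The function names, alphabet and sample secret are constructed for illustration.

```python
import hmac
import string

# Assumed secret alphabet and a constructed sample secret (not from the advisory).
ALPHABET = string.ascii_letters + string.digits
SAMPLE_SECRET = "s3cr3tJumpT0ken"


def verify_prefix_only(supplied: str, expected: str) -> bool:
    """Flawed pattern (constructed): the comparison length comes from the
    supplied value, as with strncmp(supplied, expected, strlen(supplied)),
    so any non-empty prefix of the secret, including one character, passes."""
    return len(supplied) > 0 and expected.startswith(supplied)


def verify_full(supplied: str, expected: str) -> bool:
    """Hardened form: compare the whole value in constant time.
    hmac.compare_digest returns False when the lengths differ."""
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


def accepted_short_guesses(verifier, expected: str) -> list:
    """Regression check: return every one-character input and every proper
    prefix of the secret that the verifier accepts. Must be empty."""
    candidates = set(ALPHABET)
    candidates |= {expected[:i] for i in range(1, len(expected))}
    return sorted(c for c in candidates if verifier(c, expected))


if __name__ == "__main__":
    for name, fn in (("prefix-only", verify_prefix_only), ("full", verify_full)):
        bad = accepted_short_guesses(fn, SAMPLE_SECRET)
        print(f"{name}: {len(bad)} short inputs wrongly accepted")
```

With the flawed pattern, the number of attempts needed is bounded by the alphabet size rather than by the secret length, which is why a check like `accepted_short_guesses` belongs in the test suite of any secret verifier.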