Duplicate Secrets were created for Cloud customers with certain specific Discovery configurations.
The impact varied with the specific configuration.
Start of Impact (EST): Jan 23, 2025, 12:00 AM
End of Impact (EST): Jan 26, 2025, 6:30 PM
Discovery Import Rules configured in a particular way created duplicate Secrets.
Dependencies on the duplicated Secrets (Windows Services, Scheduled Tasks, etc.) may have stopped working.
Duplicate Secrets were created only for customers with the following configuration:
Customers in any of the following situations are not impacted:
Dependencies (Windows Services, Scheduled Tasks, etc.) may have stopped working when:
In this configuration, the bug would cause the pre-existing Secret to be disassociated from the non-computer account.
The Discovery Import Rule would run and generate a duplicate Secret, and change the password of the Secret. This could make
any dependencies using the original Secret's password fail, as the password they had would be out of date.
A code change to address a reported issue in Discovery caused a side effect which disassociated Secrets
from discovered non-computer accounts when "Discover Specific OUs" was enabled.
The Discovery Import Rule process uses this association to
prevent importing Secrets multiple times. Since the Secrets became disassociated, the Discovery Import Rule
process followed its configured actions and created the Secrets again. Depending on the configured interval,
this may have happened multiple times within the incident window.
To prevent a recurrence of this issue, we are taking the following actions:
Customer link to our knowledge base articles providing more information on this issue as well as diagnostic and remediation tools:
: https://support.delinea.com/s/article/1738106421935