Executive Summary
During a routine third-party security review of Netwrix Recovery for Active Directory (formerly StealthRECOVER), two vulnerabilities were identified. First, because the product does not enforce an account lockout policy, an attacker may be able to conduct brute force attacks against Active Directory users through its login form. Second, because the product does not support multifactor authentication, an attacker in possession of an authorized user’s credentials may be able to access its sensitive functions.
Netwrix is unaware of any evidence of active exploitation of these vulnerabilities.
Vulnerability
Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
---|---|---|---|---|---|
Account Policy - Weak Lockout Policy | Netwrix Recovery for Active Directory (formerly StealthRECOVER) | <= 2.2.0.171, <= 2.5.0.233, <= 2.6.0.228 | 9.3 | 9.3 / 8.1 | Netwrix Recovery for Active Directory does not enforce an account lockout policy. Netwrix Recovery for Active Directory integrates with Active Directory, which may allow an attacker to conduct brute force attacks against Active Directory users through the Netwrix Recovery for Active Directory login form. |
Account Policy - Use of Single-factor Authentication | Netwrix Recovery for Active Directory (formerly StealthRECOVER) | <= 2.2.0.171, <= 2.5.0.233, <= 2.6.0.228 | 7.5 | 7.4 / 6.4 | Netwrix Recovery for Active Directory does not support multi-factor authentication (MFA). This may allow an attacker in possession of the credentials of a user with access to Netwrix Recovery for Active Directory to gain access to its sensitive functions. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgements about urgency and priority; customers should use the information below in making those decisions.
Title | Publicly known? | Exploit available? | Actively exploited? |
---|---|---|---|
Account Policy - Weak Lockout Policy | No | No | No |
Account Policy - Use of Single-factor Authentication | No | No | No |
Solution
All Netwrix Recovery for Active Directory customers are advised to update Netwrix Recovery for Active Directory to version 2.6.0.244 or later as soon as possible.
Instructions for the Netwrix Recovery for Active Directory upgrade process can be found in the following help center articles:
- Upgrade StealthRECOVER v2.X to Recovery for Active Directory v2.5
- Upgrade Recovery for Active Directory v2.5 to v2.6
- Upgrade Recovery for Active Directory v2.6.x (in place upgrade)
Once Netwrix Recovery for Active Directory has been upgraded to 2.6.0.244, Netwrix recommends all users enable multi-factor authentication (MFA) in Netwrix Recovery for Active Directory. Instructions for enabling MFA can be found in this help center article.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes for all listed vulnerabilities as indicated in the table below.
Title | Version |
---|---|
Account Policy - Weak Lockout Policy | 2.6.0.244 |
Account Policy - Use of Single-factor Authentication | 2.6.0.244 |
FAQ
- How do I determine the current version of Netwrix Recovery for Active Directory?
  The version is displayed on the Configuration node in Netwrix Recovery for Active Directory.
Please contact the Netwrix technical support team should you need assistance.
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
Revision | Date | Description |
---|---|---|
1 | 2025-03-03T16:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.