Thycotic Secret Server 10.8

A security fix for Secret Server was released in early June 2020 – Learn what you need to know about Secret Server Release 10.8 from Thycotic here.

10.8.000004 Release Notes

Note: The system requirements last changed with version 10.7.000000.

Upgrade Notes

  • Thycotic encourages all customers to upgrade at the earliest opportunity.
  • Security advisories are under review and will be published at the end of that review process. The link to that advisory will appear here.
  • Thycotic thanks Jay Huang from Insomnia Security for identifying the security issues leading to this release.


High Priority Security Fix

Addressed incorrect user permissions validation.

Additional Security Fixes

  • Added Custom “URL Security Check” to the Secret Server Security Hardening report. Thycotic recommends configuring the Custom URL.
  • Added host and port validation when using a proxied secret.
  • Remediated potential cross-site scripting vulnerability.
  • Modified user access controls to limit low-privilege application user access to administrative features.
  • Implemented SHA-512 hashes for the launcher, replacing an older hash algorithm.
  • Removed disclosure of internal IP addresses during authentication process of proxied connections.
  • Modified when cookies are set during authentication.


→ You can find these release notes and other versions quickly and easily with us:

Delinea specializes in password management and endpoint security solutions.
FYRE Consulting is an official authorized partner of Delinea.