CVE-2026-1568

Rapid7 · InsightVM

Rapid7 InsightVM versions before 8.34.0 fail to verify the signature on SAML assertions submitted to the Assertion Consumer Service (ACS) endpoint. An unauthenticated remote attacker can use this to bypass authentication and take over targeted accounts, including Security Console administrators.

Executive summary

A critical authentication bypass vulnerability in Rapid7 InsightVM allows unauthenticated attackers to hijack Security Console accounts and gain full administrative control over the environment.

Vulnerability

This vulnerability stems from a failure to verify signatures on the Assertion Consumer Service (ACS) cloud endpoint, the URL to which the identity provider posts SAML responses once a user has authenticated. Because the signature is never checked, an unauthenticated remote attacker can post a forged, unsigned assertion naming a chosen user, for example a Security Console administrator, and the application processes it as genuine and issues a valid session cookie for that account. No credentials are required; the attacker only needs to be able to reach the ACS endpoint.
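The flaw class described above, as an added illustration that is not Rapid7's code and is not derived from the InsightVM implementation: a minimal SAML-style Assertion Consumer Service in Python, with the vulnerable handler (a session is issued for whatever NameID arrives) beside a hardened one that refuses unsigned or mis-signed assertions. The response format is cut down, the identity-provider and service-provider identities are made up, and the XMLDSig signature is replaced by an HMAC over the serialised assertion so the example runs on the standard library alone; idp_response, acs_vulnerable, acs_hardened and hardened_outcome are this example's own names.

```python
"""Model of the flaw class behind CVE-2026-1568: an Assertion Consumer Service
that issues a session for whatever NameID a SAML assertion carries, without
checking that the identity provider signed it. Illustrative only: the SAML
response is cut down and the XMLDSig signature is replaced by an HMAC over the
serialised assertion so this runs on the standard library alone."""
import copy
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
for _prefix, _uri in (("samlp", SAMLP), ("saml", SAML), ("ds", DS)):
    ET.register_namespace(_prefix, _uri)

# Constructed identities and signing secret (a real IdP signs with an RSA/ECDSA key).
IDP_ENTITY_ID = "https://idp.example.test/metadata"
SP_ENTITY_ID = "https://console.example.test/saml/metadata"
IDP_SECRET = b"constructed-idp-signing-key"


class AuthError(Exception):
    pass


def _q(ns, tag):
    return f"{{{ns}}}{tag}"


def canonical(assertion):
    """Bytes the signature covers: the assertion minus its own ds:Signature child.
    A stand-in for XML canonicalisation; real C14N is far stricter."""
    stripped = copy.deepcopy(assertion)
    for sig in stripped.findall(_q(DS, "Signature")):
        stripped.remove(sig)
    return ET.tostring(stripped, encoding="unicode").encode("utf-8")


def idp_response(name_id, signed=True):
    """SAML response as posted to the ACS; signed=False models the forged assertion."""
    resp = ET.Element(_q(SAMLP, "Response"), {"ID": "_r1", "Version": "2.0"})
    a = ET.SubElement(resp, _q(SAML, "Assertion"), {"ID": "_a1", "Version": "2.0"})
    ET.SubElement(a, _q(SAML, "Issuer")).text = IDP_ENTITY_ID
    subject = ET.SubElement(a, _q(SAML, "Subject"))
    ET.SubElement(subject, _q(SAML, "NameID")).text = name_id
    restriction = ET.SubElement(ET.SubElement(a, _q(SAML, "Conditions")),
                                _q(SAML, "AudienceRestriction"))
    ET.SubElement(restriction, _q(SAML, "Audience")).text = SP_ENTITY_ID
    if signed:  # the IdP signs the assertion; an attacker cannot
        mac = hmac.new(IDP_SECRET, canonical(a), hashlib.sha256).hexdigest()
        sig = ET.SubElement(a, _q(DS, "Signature"))
        ET.SubElement(sig, _q(DS, "SignatureValue")).text = mac
    return ET.tostring(resp, encoding="unicode")


def _issue_session(name_id):
    return {"user": name_id, "cookie": secrets.token_hex(16)}


def acs_vulnerable(response_xml):
    """The flawed pattern: the NameID is trusted as-is, signature never consulted."""
    root = ET.fromstring(response_xml)
    path = f"{_q(SAML, 'Assertion')}/{_q(SAML, 'Subject')}/{_q(SAML, 'NameID')}"
    return _issue_session(root.findtext(path))


def acs_hardened(response_xml):
    """Reject unsigned or mis-signed assertions, then check issuer and audience,
    before any session exists."""
    root = ET.fromstring(response_xml)
    assertions = root.findall(_q(SAML, "Assertion"))
    if len(assertions) != 1:
        raise AuthError("expected exactly one assertion")
    a = assertions[0]
    sig_value = a.findtext(f"{_q(DS, 'Signature')}/{_q(DS, 'SignatureValue')}")
    if sig_value is None:
        raise AuthError("assertion is not signed")
    expected = hmac.new(IDP_SECRET, canonical(a), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig_value, expected):
        raise AuthError("assertion signature does not verify")
    if a.findtext(_q(SAML, "Issuer")) != IDP_ENTITY_ID:
        raise AuthError("unexpected issuer")
    if SP_ENTITY_ID not in [e.text for e in a.iter(_q(SAML, "Audience"))]:
        raise AuthError("assertion not addressed to this service provider")
    return _issue_session(a.findtext(f"{_q(SAML, 'Subject')}/{_q(SAML, 'NameID')}"))


def hardened_outcome(response_xml):
    """'accepted <user>' or 'rejected: <reason>', for comparison with the vulnerable path."""
    try:
        return "accepted " + acs_hardened(response_xml)["user"]
    except AuthError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    forged = idp_response("admin", signed=False)
    print("vulnerable ACS:", acs_vulnerable(forged)["user"])
    print("hardened ACS:  ", hardened_outcome(forged))
    print("legit signed:  ", hardened_outcome(idp_response("alice@example.test")))
```

The hardened handler does more than look for a Signature element: it insists on exactly one assertion, verifies the signature over the assertion bytes, and only then checks issuer and audience, because a signed assertion for a different service provider or a second, unsigned assertion smuggled next to a signed one is just as dangerous as no signature at all. Production code should use a maintained SAML library with proper XML canonicalisation rather than this stand-in.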

Business impact

The potential consequences of this flaw are severe, as it enables a complete compromise of the InsightVM Security Console. Successful exploitation allows an attacker to gain full account takeover, providing access to sensitive vulnerability data, asset configurations, and security reporting. With a CVSS score of 9.6, this represents a Critical risk to organizational data integrity and confidentiality.

Remediation

Immediate Action: Administrators must upgrade Rapid7 InsightVM to version 8.34.0 or later immediately to patch the signature verification logic.

Proactive Monitoring: Security teams should review access logs for the ACS endpoint and the console's authentication logs for session creation that has no matching login event at the identity provider (a forged assertion never touches the IdP), SAML logins to privileged accounts from unfamiliar source addresses, and any ACS requests originating from external IP addresses.

Compensating Controls: Ensure the Security Console is not exposed to the public internet and restrict access to its web interface to a VPN or trusted management network. This limits who can reach the ACS endpoint but does not correct the flaw; anyone who can still reach it can forge an assertion until the upgrade is applied.
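The monitoring step above, as an added example written for this page and not a Rapid7 tool: a small Python triage that reads access-log lines for the ACS endpoint and flags session-creating POSTs from outside the trusted management networks, plus privileged accounts authenticating from a source address not in their baseline. The log format, the /saml/acs path, the networks, the account baseline and the sample lines are all constructed for the example; substitute the console's real ACS URL and log format.

```python
"""Triage of ACS access logs: flag session-creating POSTs to the SAML ACS
endpoint from outside trusted networks, and privileged accounts authenticating
from a source not in their baseline. Example code for this page; log format,
paths, networks and baselines are constructed placeholders."""
import ipaddress
import re

# Constructed: networks from which Security Console logins are expected.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]
# Placeholder ACS path; use the console's actual SAML ACS URL.
ACS_PATH = "/saml/acs"
# Constructed baseline of source addresses per privileged account.
KNOWN_SOURCES = {"admin": {"10.20.1.15"}, "secops": {"10.20.1.22", "192.168.50.7"}}

# Combined-log style with the authenticated user in the third field.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})\b'
)

# Constructed sample: two normal SSO logins, one from the public internet,
# one for admin from an unfamiliar internal host.
SAMPLE_LOG = """\
10.20.1.15 - admin [14/Mar/2026:09:01:10 +0000] "POST /saml/acs HTTP/1.1" 302 0
10.20.1.22 - secops [14/Mar/2026:09:03:41 +0000] "POST /saml/acs HTTP/1.1" 302 0
203.0.113.77 - admin [14/Mar/2026:09:07:02 +0000] "POST /saml/acs HTTP/1.1" 302 0
203.0.113.77 - admin [14/Mar/2026:09:07:05 +0000] "GET /reports HTTP/1.1" 200 8812
10.20.1.40 - - [14/Mar/2026:09:08:00 +0000] "GET /login HTTP/1.1" 200 2210
192.168.50.7 - secops [14/Mar/2026:09:10:12 +0000] "POST /saml/acs HTTP/1.1" 302 0
10.20.9.9 - admin [14/Mar/2026:09:12:30 +0000] "POST /saml/acs HTTP/1.1" 302 0
"""


def parse_line(line):
    """Dict of fields, or None for a line that does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)


def triage(log_text):
    """Findings for ACS POSTs that resulted in a session (2xx/302 response)."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or rec["path"] != ACS_PATH:
            continue
        if not (rec["status"].startswith("2") or rec["status"] == "302"):
            continue  # rejected assertion, no session created
        base = {"src": rec["src"], "user": rec["user"], "ts": rec["ts"]}
        if not is_trusted(rec["src"]):
            findings.append({**base, "reason": "ACS login from outside trusted networks"})
        known = KNOWN_SOURCES.get(rec["user"])
        if known is not None and rec["src"] not in known:
            findings.append({**base, "reason": "privileged account from source outside its baseline"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ts']}  {f['src']:<14} {f['user']:<8} {f['reason']}")
```

Rule one catches the externally sourced case the advisory names; rule two catches the quieter variant, a forged assertion posted from inside the network for an administrator account, which an "external IP only" check would miss. Both should be correlated with the identity provider's own login records, since a forged assertion produces a console session with no matching IdP authentication.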

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability is a significant threat to any organization running Rapid7 InsightVM: an unauthenticated attacker bypassing authentication and taking over administrative accounts is a worst-case scenario for a product that holds the organization's vulnerability and asset data. It is strongly recommended that the upgrade to version 8.34.0 or later be applied within 24 hours to mitigate the risk of exploitation.