web analytics

Critical hardcoded SolarWinds credential now exploited in the wild – Source: go.theregister.com

critical-hardcoded-solarwinds-credential-now-exploited-in-the-wild-–-source:-gotheregister.com
Rate this post

Source: go.theregister.com – Author: Jessica Lyons

A critical, hardcoded login credential in SolarWinds’ Web Help Desk line has been exploited in the wild by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the security blunder to its Known Exploited Vulnerabilities (KEV) Catalog.

This 9.1 CVSS-rated oversight allows remote, unauthenticated attackers to log into vulnerable instances via these baked-in creds, and then access internal functionality and modify sensitive data.

This is the SolarWinds best known for the backdoor maliciously added to its Orion suite in a supply-chain attack by Russia on public and private organizations around the world.

While we don’t have any details about the scope of this latest exploitation, the software maker did correct its error in late August.

“We have seen no threat activity against patched instances and encourage all customers to update SolarWInds Web Help Desk (WHD) 12.8.3 HF1 and all previous versions to 12.8.3 HF2,” a SolarWinds spokesperson told The Register, while sidestepping our questions about the exploit scope.

CISA declined to provide extra information about the bug or how miscreants have abused it, beyond what’s provided in the KEV.

The security oversight, tracked as CVE-2024-28987, affects Web Help Desk 12.8.3 HF1 and all previous versions, and has been fixed in 12.8.3 HF2. Note: the patch needs to be manually installed, and if you haven’t already done so, add this to the to-do list.

As of late September, about 827 instances of SolarWinds Web Help Desk remained publicly exposed to the internet, according to Zach Hanley, a vulnerability researcher at Horizon3.ai who found and disclosed the flaw to SolarWinds.

“When assessing the exposure of our own clients, we found that organizations typically revealed sensitive process information for IT procedures such as user onboarding, password resets, and accessing shared resources,” Hanley said at the time.

“While this vulnerability does not lead to fully compromising the WHD server itself, we found the risk of lateral movement via credentials was high,” he wrote.

WHD is popular with state and local governments, and the education sector, Hanley added.

This is SolarWinds’ second actively exploited bug in this same product in two months.

On August 13, the software maker released a hotfix for a critical deserialization remote code execution vulnerability in WHD, this one receiving a 9.8 CVSS severity rating. The flaw, tracked as CVE-2024-28986, was added to CISA’s Known Exploited Vulnerabilities catalog two days later. ®

Original Post URL: https://go.theregister.com/feed/www.theregister.com/2024/10/16/solarwinds_critical_hardcoded_credential_bug/

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CYZEA.IO
Enterprise Information Security
Enterprise Information Security
IGNITE Technologies
ENCRYPTED REVERSE
ENCRYPTED REVERSE
Federal Office for Information Security
El estado de la seguridad informática en Alemania en 2023
El estado de la seguridad...
Microsoft
GDPR & Generative AI
GDPR & Generative AI
European Union Agency for Fundamental Rights
GDPR IN PRACTICE
GDPR IN PRACTICE
FS.ISAC
Navigating Cyber
Navigating Cyber
KPMG
Fraud risk management
Fraud risk management
CYFIRMA
Fletchen Stealer
Fletchen Stealer
IGNITE Technologies
FILE TRANSFER CHEAT SHEET
FILE TRANSFER CHEAT SHEET
Securesee
CYBER CRISIS INVESTIGATION AND MANAGEMENT
CYBER CRISIS INVESTIGATION AND MANAGEMENT
ACN
Guidelines for secure AI system development
Guidelines for secure AI system...
Incibe
Ciberseguridad en Smart Toys
Ciberseguridad en Smart Toys

More Latest Published Posts

Kaspersky
Incident Response Playbook: Dark Web Breaches
Incident Response Playbook: Dark Web Breaches
ninjaOne
Endpoint Hardening Checklist
Endpoint Hardening Checklist
HADESS
Important Active Directory Attribute
Important Active Directory Attribute
ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos
INNOVERY
RESILIENCIA
RESILIENCIA
CEH
Certifications Preparation Guide
Certifications Preparation Guide
Sandhya Kaushik
Checklist for Securing Your Android Apps
Checklist for Securing Your Android Apps
aDvens
May Cyber Threat Intelligence monthly report
May Cyber Threat Intelligence monthly report
Insikt Group
Caught in the Net
Caught in the Net
IGNITE Technologies
BURP SUITE FOR PENTESTER TURBO INTRUDER
BURP SUITE FOR PENTESTER TURBO INTRUDER
SYED ABUTHAHIR
BUG BOUNTY AUTOMATION WITH PYTHON
BUG BOUNTY AUTOMATION WITH PYTHON
Foresiet
Brand Impersonation Attacks
Brand Impersonation Attacks
Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for Cloud Risk Governance
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense