23rd August 2024
Administrator
SolarWinds left critical hardcoded credentials in its Web Help Desk product
From https://www.theregister.com/2024/08/...olarwinds_whd/:
Quote:
SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable instances, access internal functionality, and modify sensitive data.
The software maker has now issued an update to address that critical oversight; its users are encouraged to install the fix, which presumably removes the baked-in creds.
The security blunder, tracked as CVE-2024-28987, received a 9.1-out-of-10 CVSS severity rating. It affects Web Help Desk 12.8.3 HF1 and all previous versions, and has been fixed in 12.8.3 HF2. The hotfix patch, issued yesterday, has to be manually installed.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump