DaemonForums  

#1
23rd August 2024
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,174
SolarWinds left critical hardcoded credentials in its Web Help Desk product

From https://www.theregister.com/2024/08/...olarwinds_whd/:
Quote:
SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable instances, access internal functionality, and modify sensitive data.

The software maker has now issued an update to address that critical oversight; its users are encouraged to install the fix, which presumably removes the baked-in creds.

The security blunder, tracked as CVE-2024-28987, received a 9.1-out-of-10 CVSS severity rating. It affects Web Help Desk 12.8.3 HF1 and all previous versions, and has been fixed in 12.8.3 HF2. The hotfix patch, issued yesterday, has to be manually installed.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#2
24th August 2024
jmccue
Real Name: John McCue
Package Pilot
 
Join Date: Aug 2012
Location: here
Posts: 194

Yes this can happen, but you would think the company would have beefed up their QA.

I do not understand why they are not in Chapter 11 by now.
__________________
[t]csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars (tvtropes.org)