SolarWinds throws away help desk software keys
- October 17, 2024
- 0
A bug in the SolarWinds Web Help Desk is being actively exploited. SolarWinds left the software’s credentials loose in the source code. CISA, the US government’s cybersecurity agency,
A bug in the SolarWinds Web Help Desk is being actively exploited. SolarWinds left the software’s credentials loose in the source code.
CISA, the US government’s cybersecurity agency, is warning of a flaw in SolarWinds that could have serious consequences. CVE vulnerability–2024–28987 gives the attackers the keys to Web Help Desk, an IT help desk software. Once inside, they can alter internal functions and steal sensitive data. The vulnerability is also being actively exploited.
negligence
The security flaw is due to negligence on SolwarWinds’ part. The IT company left credentials for the software firmly in the source code. “While this vulnerability does not fully compromise the WHD server itself, we have determined that the risk of lateral movement via credentials is high,” explains SolarWinds. More than 800 web help desk environments have been made accessible via the Internet.
SolarWinds discovered the flaw in August and has since released several hot patches for Web Help Desk. Of course, the company encourages customers to implement the patch as quickly as possible. The vulnerability has been added to CISA’s list of actively exploited vulnerabilities.
The patch fixes another vulnerability, CVE-2024-28986. This vulnerability is due to a deserialization flaw in Java code and allows remote code execution. With a CVSS score of 9.6, CVE-2024-28986 is even more critical than CVE–2024–28987, which is assigned a score of 9.1.
Déjà vu
Does the name SolarWinds mean anything to you? To refresh your memory, the company is the owner of the infamous Orion platform, which fell victim to Russian hackers in 2020. The hackers installed holes in the software to spy on tens of thousands of the company’s customers. The leak also had consequences in Belgium.
It is still unclear whether this vulnerability will be of the same magnitude. In any case, CISA does not seem to want to take any risks, as SolarWinds software is still used in critical sectors. Given its recent history, it doesn’t take much to go wrong with SolarWinds to set off alarm bells.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
