Security researchers have discovered a critical severity vulnerability in one of SolarWinds' most popular software products.
SolarWinds Web Help Desk is a web-based IT service management software that streamlines and automates IT ticketing, asset management, and service management processes. It offers features such as ticketing, incident and problem management, and a self-service portal, designed to improve the efficiency and responsiveness of IT support teams.
The flaw, discovered by cybersecurity researcher Zach Hanley of Horizon3.ai, is a simple (but all-too-common) oversight: admin credentials were left hard-coded into the product. The vulnerability is known as CVE-2024-28987 and has a severity score of 9.1/10. It affects Web Help Desk 12.8.3 HF1 and all previous versions.
The first clean release is 12.8.3 HF2.
Encrypted credentials everywhere
A patch is now available, but it must be installed manually. Since the flaw allows unauthenticated threat actors to log into vulnerable endpoints and manipulate data located there, users are urged to install the fix immediately.
You might think that in a product used by government, education, healthcare, and telecommunications companies (to name a few), such a simple mistake wouldn’t happen. However, hard-coded credentials turn up frequently.
In October 2023, Cisco Emergency Responder (CER), the company’s emergency communication system used to respond to crises in a timely manner, was found to contain hard-coded credentials. In March 2024, researchers discovered that millions of GitHub projects had the same issue.
During development, many IT professionals hard-code authentication secrets to make their lives easier, but they often forget to remove those secrets before publishing the code. Any malicious actor who discovers them then gains easy access to private resources and services, which can lead to data breaches and similar incidents.
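To make the mistake concrete, here is an added illustration in Python that is not part of this article and has nothing to do with SolarWinds' own code: a credential baked into source (the anti-pattern described above) next to the hardened form that reads it from the environment at runtime, plus a small scanner of the kind that can run as a pre-commit or CI check to flag the anti-pattern before code is published. Every name, pattern and sample snippet in it is constructed for the example; none is taken from Web Help Desk or from CVE-2024-28987.

```python
"""
Added illustration (not the article's or SolarWinds' code): a hard-coded
credential beside its hardened replacement, and a scanner that flags the
hard-coded form before it ships. All names and values are constructed.
"""
import os
import re
from typing import List, Tuple

# --- The anti-pattern: a service account baked into the code base ----------
# Constructed sample; "svc_admin" and "Sup3rSecret!" are placeholders.
VULNERABLE_SNIPPET = '''
ADMIN_USER = "svc_admin"
ADMIN_PASSWORD = "Sup3rSecret!"   # left over from development
API_TOKEN = "tok_0123456789abcdef0123456789abcdef"
'''

# --- The hardened form: the secret lives outside the code -------------------
HARDENED_SNIPPET = '''
ADMIN_USER = os.environ["HELPDESK_ADMIN_USER"]
ADMIN_PASSWORD = os.environ["HELPDESK_ADMIN_PASSWORD"]
'''


def load_credentials(env=os.environ) -> Tuple[str, str]:
    """Read the admin credential from the process environment (or a secret
    manager in production). Failing closed when a value is absent is the
    point: there is no built-in fallback for anyone to rely on.
    HELPDESK_ADMIN_USER / HELPDESK_ADMIN_PASSWORD are hypothetical names."""
    try:
        return env["HELPDESK_ADMIN_USER"], env["HELPDESK_ADMIN_PASSWORD"]
    except KeyError as missing:
        raise RuntimeError(f"credential not configured: {missing}") from None


# Patterns for the common shapes of a hard-coded secret: a variable whose
# name suggests a secret assigned a non-empty string literal, or a literal
# that looks like an API token. Constructed for this example; tune per code base.
_SECRET_NAME = r"(?i)\b[A-Z_]*(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|APIKEY)[A-Z_]*\b"
_PATTERNS = [
    re.compile(_SECRET_NAME + r"\s*[:=]\s*[\"'][^\"']{4,}[\"']"),
    re.compile(r"[\"']tok_[0-9a-f]{16,}[\"']"),
]


def find_hardcoded_secrets(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, stripped_line) for every line that looks like a
    hard-coded secret. Lines that pull the value from the environment are not
    flagged, because no string literal follows the assignment operator."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if any(p.search(line) for p in _PATTERNS):
            findings.append((lineno, line.strip()))
    return findings


if __name__ == "__main__":
    for label, snippet in (("vulnerable", VULNERABLE_SNIPPET),
                           ("hardened", HARDENED_SNIPPET)):
        hits = find_hardcoded_secrets(snippet)
        print(f"{label}: {len(hits)} finding(s)")
        for lineno, line in hits:
            print(f"  line {lineno}: {line}")
```

Run directly, the script reports two findings in the vulnerable snippet and none in the hardened one. A regex scanner like this is a cheap first line of defence rather than a complete answer; the structural fix is the one the hardened snippet shows, keeping the secret out of the artifact that gets published at all.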
Via The Register