Will Dormann on Nostr: This Solarwinds hardcoded credential thing... CVE-2021-35232 : SolarWinds Web Help ...
This SolarWinds hardcoded credential thing...
CVE-2021-35232 : SolarWinds Web Help Desk uses hardcoded credentials: helpdeskIntegrationUser:dev-C4F8025E7
https://www.assetnote.io/resources/research/solarwinds-web-help-desk-when-the-helpdesk-is-too-helpful
CVE-2024-28987 : SolarWinds Web Help Desk uses hardcoded credentials: helpdeskIntegrationUser:dev-C4F8025E7
https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
Can somebody explain to my naive brain how CVE-2024-28987 is new?
SolarWinds is blocking the resources accessed with the hardcoded credentials, as opposed to... removing the hardcoded credentials?
When will the next CVE be issued for something else that can be done with the credentials? 🤔