(The story has been revised to to clarify that Serv-U is not vulnerable to the Log4Shell attacks. While this directly contradicts Microsoft's original disclosure that attackers were exploiting the previously undisclosed vulnerability in the SolarWinds Serv-U managed file transfer service to propagate Log4j attacks, the attempts ultimately failed because the vulnerable Log4j code isn't present in the software. "The activity Microsoft was referring to in their report was related to a threat actor attempting to login to Serv-U using the Log4j vulnerability but that attempt failed as Serv-U does not utilize Log4j code and the target for authentication LDAP (Microsoft Active Directory) is not susceptible to Log4J attacks," a company spokesperson said. Update: In a statement shared with The Hacker News, SolarWinds pointed out that its Serv-U software wasn't exploited in the Log4j attacks, and that attempts were made to log in to SolarWinds Serv-U file-sharing software via attacks exploiting the Log4j flaws. The password in question, 'solarwinds123,' was discovered in 2019 on the public.
#Solarwinds password update#
Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password solarwinds123. Experts are reviewing their notes to find old examples of substandard security at the company. 'Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years,' reports CNN. SolarWinds use the password 'solarwinds123' on their Update Servers.
#Solarwinds password install#
On top of this, a China-based hacking group has been previously observed exploiting a critical security vulnerability affecting SolarWinds Serv-U ( CVE-2021-35211) to install malicious programs on the infected machines. SolarWinds' Former CEO Blames Intern for 'solarwinds123' Password Leak (cnn.com) 172. Akamai researchers, in an analysis published this week, also found evidence of the flaws being abused to infect and assist in the proliferation of malware used by the Mirai botnet by targeting Zyxel networking devices.
0 kommentar(er)
