
We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'
2020-12-16 00:00

In a message to The Register, Kumar said that on November 19, 2019, he told SolarWinds "Their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo. They fixed the issue and replied to me on."

He said he wrote in his report to SolarWinds that, using the exposed account name and password, he was able to upload a file to prove the system was insecure, adding that a hacker could use the credentials to upload a malicious executable and add it to a SolarWinds update.

According to FireEye, which looked into the Orion case as part of a probe into an intrusion into its own networks, the trojanized updates were digitally signed with a SolarWinds certificate between March and May 2020.

In its 8-K [PDF] securities filing on Monday, SolarWinds said its Microsoft Office 365 accounts had been hijacked and its build system had been abused, which argues against the possibility that the exposed FTP credentials were used to upload malicious code.

"Based on its investigation to date, SolarWinds has evidence that the vulnerability was inserted within the Orion products and existed in updates released between March and June 2020, was introduced as a result of a compromise of the Orion software build system and was not present in the source code repository of the Orion products," the filing to the SEC stated.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/16/solarwinds_github_password/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 44 0 80 95 40 215
Github 12 2 45 29 19 95