Security News > 2021 > March > SolarWinds Blames Intern for 'solarwinds123' Password Lapse

As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.

In a hearing before the House Committees on Oversight and Reform and Homeland Security on SolarWinds on Friday, CEO Sudhakar Ramakrishna testified that the password had been in use as early as 2017.

While a preliminary investigation into the attack revealed that the operators behind the espionage campaign managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the Sunburst backdoor, Crowdstrike's incident response efforts pointed to a revised timeline that established the first breach of SolarWinds network on September 4, 2019.

In the weeks following the revelation, SolarWinds was hit with a class-action lawsuit in January 2021 that alleged the company failed to disclose that "Since mid-2020, SolarWinds Orion monitoring products had a vulnerability that allowed hackers to compromise the server upon which the products ran," and that "SolarWinds' update server had an easily accessible password of 'solarwinds123'," as a result of which the company "Would suffer significant reputational harm."

"SolarWinds has determined that the credentials using that password were for a third-party vendor application and not for access to the SolarWinds IT systems," the spokesperson said.

"Furthermore, the third-party application did not connect with the SolarWinds IT systems. As such, SolarWinds has determined that the credentials using this password had nothing to do with the SUNBURST attack or other breach of the company's IT systems."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/rAjjh0_0k7M/solarwinds-blame-intern-for-weak.html