SolarWinds Update Server Could Be Accessed Using the Password "solarwinds123" in 2019
According to a security researcher, at the end of 2019 the SolarWinds update server was accessible with the simple password "solarwinds123".
On Sunday, news broke that SolarWinds' Orion IT product, used by thousands of customers, had been hacked as early as March and that malware had been introduced into its software updates. The cyber attack went undetected for months, jeopardizing computers at leading federal agencies and impacting hundreds of prominent American firms.
As investigations into the damage proceed, experts have begun to raise questions about potentially unusual security protocols. Vinoth Kumar, a security researcher, told Reuters that last year SolarWinds' update server could easily be accessed using the simple password "solarwinds123."
"This could have been done by any attacker, easily," Kumar told the news agency.
When contacted for comment, Kumar provided his e-mail correspondence with SolarWinds. On 19 November 2019, he first told the company about the matter. A few days later, on 22 November 2019, the SolarWinds information security team replied.
"Thanks again to you for making a responsible report of the configuration mistake. The misconfiguration of the GitHub repository was fixed and it is no longer open to the public and the care of the credential shown was also enforced."
Kumar initially told Newsweek it was more than three weeks before the problem was solved. After this article was published, the researcher went on to say that the issue he had found was present in June 2018.
The cyber attack is said to have impacted many of SolarWinds' government clients, including the Department of Homeland Security, the Department of the Treasury and the Department of Commerce. It is not clear whether the password problem had any effect on the cyber attack that succeeded, but it indicates a possible lack of protection by the company. The hack is believed to have started in spring, several months after Kumar found the password problem on the update server.
On Tuesday, the National Security Council of the White House announced that a "Cyber Unified Coordination Group (UCG) has been established to ensure continued unity of effort across the United States Government in response to a significant cyber incident."
Earlier, on Sunday, the Cybersecurity and Infrastructure Security Agency at the DHS issued an emergency order to government agencies to identify and shut down SolarWinds products by noon on Monday. Private businesses are scrambling to see whether their data has been altered or stolen.
"SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000," the company said in a Monday SEC filing.
Although responsibility for the cyber attack has not been verified, Russia has emerged as a key suspect. The Russian Embassy in Washington, D.C., and Russian President Vladimir Putin's spokesperson denied the government's involvement.