Mar 01 2021

Intern caused ‘solarwinds123’ password leak

Category: Password SecurityDISC @ 11:19 am

Initial investigation suggested that the password “solarwinds123” was publicly accessible via a misconfigured GitHub repository since June 17, 2018. The issue was addressed on November 22, 2019.

New details emerged about the security breach, in a hearing before the House Committees on Oversight and Reform and Homeland Security, CEO Sudhakar Ramakrishna confirmed that the password had been in use as early as 2017.

A preliminary investigation revealed that the threat actors behind the SolarWinds attack compromised the SolarWinds Orion supply chain as early as October 2019, but later Crowdstrikes’ researchers dated the initial compromise on September 4, 2019.

“I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad,” Representative Katie Porter of California said. “You and your company were supposed to be preventing the Russians from reading Defense Department emails.”

“I believe that was a password that an intern used on one of his servers back in 2017 which was reported to our security team and it was immediately removed,” Ramakrishna said in response to Porter.

Intern caused ‘solarwinds123’ password

Tags: solarwinds123