Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019
by Joel Hruska
The SolarWinds saga keeps getting worse as time goes by. Several days ago, news broke that some 18,000 companies had been compromised by a nation-state actor. The attackers in question are believed to be affiliated with Cozy Bear, aka APT29, aka the Russian government. The hack has hit multiple US government agencies, the security company FireEye, and a whole lot of other companies.
When these sorts of breaches occur, a major question is how the hackers were able to gain entry in the first place. SolarWinds is a major US company that develops network and infrastructure management software, and it has an enormous client list. It appears security researchers have been trying to get the company to pay attention to major flaws in its defenses for some time.
Security researcher Vinoth Kumar told Reuters that he contacted the company in 2019, alerting it that anyone could access its update server by guessing the password “solarwinds123.” Reuters also reports that hackers have been claiming they could sell access to SolarWinds’ computers since 2017. It is not clear from the wording of the story whether the offer was for a method of infiltrating SolarWinds itself, or if the black hat was offering to sell access to computers that used SolarWinds software.