{"id":167408,"date":"2024-08-22T17:27:57","date_gmt":"2024-08-22T17:27:57","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=167408"},"modified":"2024-08-22T17:29:44","modified_gmt":"2024-08-22T17:29:44","slug":"solarwinds-hardcoded-credential-flaw-web-help-desk","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/167408\/hacking\/solarwinds-hardcoded-credential-flaw-web-help-desk.html","title":{"rendered":"SolarWinds fixed a hardcoded credential issue in Web Help Desk"},"content":{"rendered":"
<\/div>\n

SolarWinds fixed a hardcoded credential flaw in its Web Help Desk (WHD) software that could allow attackers to gain unauthorized access to vulnerable instances.<\/h2>\n\n\n\n

SolarWinds has addressed a new security flaw, tracked as CVE-2024-28987 (CVSS score of 9.1) in its Web Help Desk (WHD) software that could allow remote unauthenticated attackers to gain unauthorized access to vulnerable instances.<\/p>\n\n\n\n

SolarWinds describes WHD as an affordable Help Desk Ticketing and Asset Management Software that is widely used by large enterprises and government organizations.<\/p>\n\n\n\n

“The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.” reads the advisory<\/strong><\/a> published by the company.<\/em><\/p>\n\n\n\n

The issue affects WHD 12.8.3 HF1 and all previous versions and was addressed with the release 12.8.3 HF2<\/a>.<\/p>\n\n\n\n

The vulnerability was discovered by the security researcher Zach Hanley from Horizon3.ai.<\/p>\n\n\n\n

Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a>\u00a0another SolarWinds Web Help Desk deserialization of untrusted data vulnerability, tracked as\u00a0CVE-2024-28986<\/a>\u00a0(CVSS score of 9.8), to its\u00a0Known Exploited Vulnerabilities (KEV) catalog<\/a>.<\/gwmw><\/gwmw><\/p>\n\n\n\n

The flaw is a Java deserialization issue that an attacker can exploit to run commands on a vulnerable host leading to remote code execution.<\/gwmw><\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a> \u2013<\/strong> hacking, Web Help Desk)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

SolarWinds fixed a hardcoded credential flaw in its Web Help Desk (WHD) software that could allow attackers to gain unauthorized access to vulnerable instances. SolarWinds has addressed a new security flaw, tracked as CVE-2024-28987 (CVSS score of 9.1) in its Web Help Desk (WHD) software that could allow remote unauthenticated attackers to gain unauthorized access to […]<\/p>\n","protected":false},"author":1,"featured_media":115989,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,5,55],"tags":[4112,9508,9506,10918,687,841,1533,7622,12745,15299],"class_list":["post-167408","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-hacking","category-security","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news","tag-solarwinds","tag-web-help-desk","tag-whd"],"yoast_head":"\n杭州江阴科强工业胶带有限公司