CVE-2024-28987
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
In short
SolarWinds Web Help Desk contains hardcoded login credentials embedded in the software, allowing anyone on the internet to gain unauthorized access and modify internal data without authentication.
Technical detail
CWE-798 hardcoded credential vulnerability in SolarWinds WHD enables unauthenticated remote access to internal functionality via fixed credentials. An attacker can bypass authentication mechanisms and manipulate system data without prior authorization or user interaction.
Summary generated and translated by AI from the official description.
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
SolarWinds · Web Help Deskpublic PoCs found — 3
githubgithub.com/gh-ost00/CVE-2024-28987-POC★ 12githubgithub.com/horizon3ai/CVE-2024-28987★ 7githubgithub.com/alecclyde/CVE-2024-28987★ 1⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-28987https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987https://www.theregister.com/2024/08/22/hardcoded_credentials_bug_solarwinds_whd/