SolarWinds blames intern for weak ‘solarwinds123’ password

The password ‘solarwinds123’ was publicly accessible on GitHub for more than a year and brought to the firm's attention in 2019

SolarWinds executives have blamed a former intern for leaking a weak company password that was publicly accessible on the internet for more than a year.

The password ‘solarwinds123’ - a critical lapse in password security - was publicly accessible through a private GitHub repository from June 2018, before this was addressed in November 2019. 

SolarWinds CEO Sudhakar Ramakrishna claimed this password was the fault of an intern who’d set it on one of their servers in 2017, speaking at a hearing before the US House Committees on Oversight and Homeland Security.

The password was first discovered in 2019 by security researcher Vinoth Kumar, who told Reuters that it had been set to grant access to the company's update server. 

"I've got a stronger password than 'solarwinds123' to stop my kids from watching too much YouTube on their iPad," said US Representative Katie Porter, according to CNN. "You and your company were supposed to be preventing the Russians from reading Defense Department emails!"

Related Resource

Employees behaving badly?

Why awareness training matters

Why awareness training matters - whitepaper from MimecastDownload now

In response, Ramakrishna claimed Porter was referencing a password that an intern used on one of their servers in 2017, which was removed after being altered by SolarWinds’ security team. The former CEO Kevin Thompson confirmed ‘solarwinds123’ referred to a “mistake that an intern made”, with the individual posting the password on their own private GitHub account. 

It’s not immediately clear whether the password played a role in the devastating supply-chain attack that saw up to 18,000 businesses compromised by a version of the Orion security platform that was loaded with malware.

SolarWinds, however, denies any connection, having determined the credentials using that password were for a third-party vendor application and not for access to the SolarWinds IT systems. A spokesperson told IT Pro that this software did not connect with the SolarWinds IT systems - and as such the firm has determined the credentials using this password had nothing to do with the attack or other breach of the company's IT systems. 

Kumar, who had first altered SolarWinds to the weak password, tweeted at the time the news broke that his proof-of-concept allowed him to upload a malicious executable to the update server and update it with SolarWinds products. He also cast doubt on the ‘intern’ theory, suggesting in a further tweet that it’s outlandish to suggest an intern with three months’ experience was granted access, only for those credentials not to be rotated out after they left.

Stolen credentials are just one possible theory for how the attackers infiltrated SolarWinds, with the company also investigating whether brute-force guessing played a role or they breached networks using compromised third-party software.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021