Solarwinds fixes code execution bug in enterprise helpdesk software

Enterprise software firm Solarwinds has fixed a critical bug in its Web Help Desk software that allowed attackers to execute arbitrary Hibernate Query Language (HQL) code.

Solarwinds Web Help Desk is a helpdesk ticketing and asset management solution that lets customers manage end-user trouble tickets and track the service request lifecycle through a centralized web interface.

However, security firm Assetnote discovered that it contained hardcoded credentials, which were automatically accepted at several locations in the source code and granted access to sensitive controllers.

HQL injection

As explained in a technical blog post, an attacker could execute HQL queries against the database models defined in the source code and read the password hashes of registered users, including administrator password hashes.

As well as reading sensitive information from the database, attackers could carry out other SQL operations, such as INSERT/UPDATE/DELETE, as long as a Hibernate model existed in the codebase for the relevant database tables.
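The two weaknesses the article describes, a credential compiled into the application and an endpoint that evaluates caller-supplied HQL, each shown next to a hardened form. This is an added illustration, not SolarWinds or Assetnote code; the class, the CredentialVerifier interface, the Ticket entity and the token value are all hypothetical.

```java
import org.hibernate.Session;
import org.hibernate.query.Query;
import java.util.List;

// Hypothetical interface backed by a real, per-deployment user store.
interface CredentialVerifier {
    boolean verify(String user, char[] secret);
}

public class HelpDeskQueryService {
    private final Session session;
    private final CredentialVerifier verifier;

    public HelpDeskQueryService(Session session, CredentialVerifier verifier) {
        this.session = session;
        this.verifier = verifier;
    }

    // Weakness 1: a fixed credential baked into the binary. Anyone who decompiles
    // the jar recovers it, so the check authenticates nobody. (Illustrative value.)
    private static final String BUILTIN_TOKEN = "placeholder-not-a-real-secret";
    boolean weakAuth(String presented) {
        return BUILTIN_TOKEN.equals(presented);
    }

    // Hardened: verify against a secret that is unique to the deployment and
    // stored outside the code, so there is no constant to reverse-engineer.
    boolean strongAuth(String user, char[] secret) {
        return verifier.verify(user, secret);
    }

    // Weakness 2: evaluating whatever HQL the caller sends. Regardless of the
    // authentication in front of it, this is arbitrary read/write access to every
    // mapped entity, including the table holding user password hashes.
    List<?> weakQuery(String callerHql) {
        return session.createQuery(callerHql).list();
    }

    // Hardened: fixed query text, caller data bound only as a parameter, and the
    // projection limited to the fields this endpoint actually needs.
    List<String> strongQuery(String subjectFragment) {
        Query<String> q = session.createQuery(
            "select t.subject from Ticket t where t.subject like :frag", String.class);
        q.setParameter("frag", "%" + subjectFragment + "%");
        return q.list();
    }
}
```

A code review or a static-analysis rule that flags string constants compared against authentication input, and any createQuery call whose first argument is not a compile-time constant, catches both patterns before they ship.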

“Through hardcoded credentials, it is possible to access an endpoint which lets you evaluate arbitrary HQL,” Shubham Shah, co-founder and CTO of Assetnote, tells The Daily Swig.

“This ultimately allows you to perform read and write operations on the database. Through this HQL evaluation, we were able to extract the administrator password hashes.”

Vulnerable instances

Shah says the team found numerous instances in the wild that were vulnerable to exploitation.

“We went through the active installations for Solarwinds Web Help Desk on the internet and found that our exploit was still valid even though there were some restrictions that needed to be passed before exploiting the issue,” he says.

Shah added: “The use of hardcoded credentials is a poor security design decision, as anyone can obtain these credentials through reverse engineering.”

“A number of authentication systems in the application rely on these hardcoded credentials, which are not to be considered secret.”

Patch timeline

Assetnote reported the issue to Solarwinds on October 31 last year, and a fix was released in Web Help Desk 12.7.7 Hotfix 1 on December 23.

“We have no evidence that any customers were impacted by this software vulnerability, which would have required a threat actor to have local, on-premise and direct access to the WHD server,” a Solarwinds spokesperson tells The Daily Swig.

Assetnote warns that many organizations focus too much on in-house software and network issues, and fail to appreciate the risks of third-party enterprise software, which, it says, often contains vulnerabilities.

Source: https://portswigger.net/daily-swig/solarwinds-fixes-code-execution-bug-in-enterprise-helpdesk-software
