Stolen credentials are just one possible theory for how the attackers infiltrated SolarWinds, with the company also investigating whether brute-force guessing played a role or they breached networks using compromised third-party software.
SOLARWINDS PASSWORD UPDATE
Kumar, who had first altered SolarWinds to the weak password, tweeted at the time the news broke that his proof-of-concept allowed him to upload a malicious executable to the update server and update it with SolarWinds products. He also cast doubt on the ‘intern’ theory, suggesting in a further tweet that it’s outlandish to suggest an intern with three months’ experience was granted access, only for those credentials not to be rotated out after they left. Below I will walk through each section of the output from SolarFlare.
SOLARWINDS PASSWORD SOFTWARE
A spokesperson told IT Pro that this software did not connect with the SolarWinds IT systems - and as such the firm has determined the credentials using this password had nothing to do with the attack or other breach of the company's IT systems. SolarFlare is a Authentication Audit / Password dumping tool originally designed for Red Team engagements, but can be used to audit the exposure SolarWinds Orion systems pose to an organization. It’s a powerful yet intuitive program aimed at high-end business users, and it comes with a selection of. SolarWinds, however, denies any connection, having determined the credentials using that password were for a third-party vendor application and not for access to the SolarWinds IT systems. SolarWinds Passportal is rated among the best business password managers across the web. It’s not immediately clear whether the password played a role in the devastating supply-chain attack that saw up to 18,000 businesses compromised by a version of the Orion security platform that was loaded with malware.
0 kommentar(er)
