SolarWinds Officials Blame Intern for ‘solarwinds123’ Password

Authored by gizmodo.com and submitted by treetyoselfcarol
Photo: Kirill Kudryavtsev/AFP via Getty Images

The SolarWinds drama just won’t stop. It’s a tale of Russian hackers’—and potentially Chinese hackers’—alleged email spying, and a gaping hole of security vulnerabilities that seems to get worse as more details come to light. Now, we can add yet another twist to the story: the laughably insecure password “solarwinds123.” In this last case, SolarWinds would like you to know that it was the intern’s fault.

In a joint hearing on Friday, former SolarWinds CEO Kevin Thompson told representatives from the House Oversight and Homeland Security Committees that the “solarwinds123” password, which protected a server at the company, was “related to a mistake an intern made, and they violated our password policies.” Thompson explained to lawmakers that the intern had posted the password on their own private GitHub account.

“As soon as it was identified and brought to the attention of my security team, they took that down,” Thompson said.

The password security problem dates back to at least 2018, although testimony provided by SolarWinds on Friday indicates that it could go back even further. In December, security researcher Vinoth Kumar told Reuters that he warned SolarWinds that anyone could access its update server using “solarwinds123.” CNN reported that the password had been accessible online since at least June 2018.

However, at the hearing, Sudhakar Ramakrishna, SolarWinds’ current CEO, told lawmakers that the “solarwinds123” password was used on one of the intern’s servers back in 2017.

According to CNN, Kumar showed SolarWinds that the password allowed him to log in and deposit files on its server. This was a way for any hacker to upload malicious programs to SolarWinds, the researcher stated.

“I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad,” Rep. Katie Porter, Democrat of California, told SolarWinds officials at the hearing.

At this point, though, CNN noted, it’s still uncertain whether the password leak played a role in the SolarWinds hack, which is believed to be the largest foreign intrusion campaign in U.S. history. This month, White House national security adviser Anne Neuberger stated that approximately 100 different companies and nine federal agencies, including the one that oversees the country’s nuclear weapons, had been compromised by foreign hackers.

The government is currently investigating the hack, and it’s still unclear what data hackers could have gotten access to. The investigation is expected to take several months. Kevin Mandia, CEO of FireEye, the cybersecurity company that discovered the hack, has said we may never know the scope of the attack.

“The bottom line: We may never know the full range and extent of damage, and we may never know the full range and extent as to how the stolen information is benefitting an adversary,” Mandia said.

Nonetheless, we do know one of the casualties of the attack: a poor unnamed intern that SolarWinds threw under the bus.

hayden_evans on February 28th, 2021 at 05:01 UTC »

I think this makes it more embarrassing for them - handing over admin access to an intern is a pretty rookie fucking move on their part.

icematrix on February 28th, 2021 at 04:12 UTC »

An intern has this level of access, why? Because management is garbage.

gothlaw on February 28th, 2021 at 02:21 UTC »

Yeah, because we always give the intern administrator-level privileges to the secure server.

You can smell absolute bullshit from 1000 miles away.