A critical vulnerability in SolarWinds’ Web Help Desk (WHD) software has been identified, allowing remote, unauthenticated attackers to exploit hardcoded credentials embedded in the system.
Tracked as CVE-2024-28987, this flaw has been assigned a severity score of 9.1 on the CVSS scale, indicating its high-risk nature.
The vulnerability enables attackers to access internal functionalities and modify sensitive data, including help desk tickets that often contain confidential information such as passwords and shared service account credentials.
The hardcoded credentials, specifically a default username “helpdeskIntegrationUser” and password “dev-C4F8025E7”, could be leveraged by malicious actors to gain unauthorized access to WHD endpoints.
This flaw, present in versions 12.8.3 HF1 and earlier, has already been exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog.
Organizations using vulnerable versions of WHD are strongly urged to update to version 12.8.3 Hotfix 2 or later to mitigate this risk.
Broader Implications for IT Security
The exploitation of CVE-2024-28987 highlights significant risks associated with hardcoded credentials in enterprise software.
Attackers can remotely read and modify help desk ticket details, exposing sensitive IT processes such as user onboarding, password resets, and shared resource access.
While this vulnerability does not directly compromise the WHD server itself, it increases the risk of lateral movement within affected networks through exposed credentials.
The disclosure comes amid heightened scrutiny of SolarWinds following its infamous Orion supply chain attack in 2020.
Although SolarWinds has released patches addressing the issue, cybersecurity experts warn that unpatched systems remain highly vulnerable to exploitation.
Horizon3.ai researchers, who discovered the flaw, reported over 800 publicly accessible instances of WHD globally, with many located in critical sectors such as government, healthcare, and telecommunications.
Mitigation Measures
SolarWinds has issued an urgent advisory recommending immediate updates to WHD version 12.8.3 Hotfix 2 or later.
Administrators are advised to follow patching instructions carefully to ensure secure deployment and mitigate potential risks.
Additionally, organizations should review their IT environments for exposed instances of WHD and implement robust security practices such as disabling unused accounts and monitoring network traffic for unusual activity.
While SolarWinds has stated that no threat activity has been observed against patched systems, the active exploitation of this vulnerability underscores the importance of timely updates and proactive security measures.
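To support the environment review described above, the following added example (not SolarWinds or Horizon3.ai code) triages an asset inventory against the version boundary stated in this article: 12.8.3 HF1 and earlier are vulnerable, 12.8.3 Hotfix 2 or later are fixed. The version-string shapes it accepts, the function names, and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed release named in the article: 12.8.3 Hotfix 2 -> (12, 8, 3, 2)
FIXED = (12, 8, 3, 2)

# Assumed version-string shapes: "12.8.3", "12.8.3 HF1", "12.8.3 Hotfix 2", "12.8.3-HF2"
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:[\s\-_]*(?:HF|Hotfix)[\s\-_]*(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_version(text):
    """Return (major, minor, patch, hotfix), or None if the string is not recognised."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, hotfix = m.groups()
    # A missing patch or hotfix component counts as 0, so "12.8.3" sorts below "12.8.3 HF1".
    return (int(major), int(minor), int(patch or 0), int(hotfix or 0))

def classify(text):
    """'vulnerable' for 12.8.3 HF1 and earlier, 'fixed' for 12.8.3 HF2 or later,
    'unknown' when the string cannot be parsed (needs manual review)."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    return "fixed" if v >= FIXED else "vulnerable"

def triage(inventory):
    """inventory: iterable of (host, version_string).
    Returns every entry that is not confirmed fixed, keeping unparseable ones visible."""
    results = [(host, ver, classify(ver)) for host, ver in inventory]
    return [r for r in results if r[2] != "fixed"]

# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE = [
    ("whd-prod.example.internal", "12.8.3 HF1"),
    ("whd-dr.example.internal", "12.8.3 Hotfix 2"),
    ("whd-lab.example.internal", "12.7.12"),
    ("whd-old.example.internal", "12.8.3"),
    ("whd-new.example.internal", "12.8.4"),
    ("whd-x.example.internal", "unknown build"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{host}\t{ver}\t{status}")
```

Entries reported as `unknown` are deliberately kept in the output so that an unreadable version string is reviewed by hand rather than assumed safe.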