The Briefing Room

Topic started by: mystery-ak on March 01, 2021, 06:45:00 pm

Title: Former SolarWinds CEO Blames Intern for Setting Password ‘solarwinds123’
Post by: mystery-ak on March 01, 2021, 06:45:00 pm
Former SolarWinds CEO Blames Intern for Setting Password ‘solarwinds123’

Lucas Nolan 1 Mar 2021

Texas-based software company SolarWinds was the victim of a major hack recently that affected multiple government agencies and corporate clients. In a hearing before the House Oversight and Homeland Security Committees, the company’s former CEO blamed an intern who changed a company password to “solarwinds123.”

Gizmodo reports that there has been a new development in the SolarWinds hacking saga, with the company’s former CEO Kevin Thompson blaming the hack partly on a company intern and an insecure server.

In a joint hearing on Friday, Thompson told representatives from the House Oversight and Homeland Security Committees that one SolarWinds server was protected by a very simple password: “solarwinds123.”

Thompson alleged that this was “related to a mistake an intern made, and they violated our password policies.” Thompson further explained that the intern posted the password on their own private GitHub account. “As soon as it was identified and brought to the attention of my security team, they took that down,” Thompson said.

The password issue dates back to at least 2018, although testimony provided by SolarWinds on Friday appears to indicate that it could go back even further. Security researcher Vinoth Kumar told Reuters that he warned SolarWinds that anyone could access its update server using the “solarwinds123” password in December. According to CNN, the password was accessible online since at least June 2018.

However, at the hearing, SolarWinds’ current CEO, Sudhakar Ramakrishna, told lawmakers that the password was used on one of the intern’s servers in 2017.

more
https://www.breitbart.com/tech/2021/03/01/former-solarwinds-ceo-blames-intern-for-setting-password-solarwinds123/
Title: Re: Former SolarWinds CEO Blames Intern for Setting Password ‘solarwinds123’
Post by: PeteS in CA on March 01, 2021, 07:34:51 pm
Holy bleep! I cannot remember how many decades ago I knew not to use simple & obvious passwords!
Title: Re: Former SolarWinds CEO Blames Intern for Setting Password ‘solarwinds123’
Post by: thackney on March 01, 2021, 08:08:43 pm
Quote from: PeteS in CA on March 01, 2021, 07:34:51 pm
"Holy bleep! I cannot remember how many decades ago I knew not to use simple & obvious passwords!"

And did you understand not to give the intern the ability to change the company password?
Title: Re: Former SolarWinds CEO Blames Intern for Setting Password ‘solarwinds123’
Post by: Cyber Liberty on March 01, 2021, 09:10:51 pm
Quote from: thackney on March 01, 2021, 08:08:43 pm
"And did you understand not to give the intern the ability to change the company password?"

This was supposedly on "her" server, so it was probably not company-wide (but allowed outsiders to get to more important servers).  I'm surprised the company did not have safeguards against that.  My company's security software would not allow users to pick easy passwords, or reuse old ones, and forced a change every 90 days.

Regardless, it could have been an insanely complicated password and it would have still granted admittance to hackers because she posted the password on an unsecured site.