SolarWinds Web Help Desk was affected by a critical vulnerability, CVE-2024-28989, that allowed attackers to decrypt stored credentials because of cryptographic weaknesses in its AES-GCM implementation. The flaw stemmed from the use of predictable encryption keys and nonce reuse, potentially leading to the decryption of sensitive information such as database passwords and LDAP/SMTP authentication secrets. SolarWinds addressed the vulnerability quickly, patching it in version 12.8.5, but the incident highlighted the importance of robust cryptographic practices.
Source: https://cybersecuritynews.com/solar-winds-web-help-desk-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/solarwinds
"id": "sol409031225",
"linkid": "solarwinds",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'SolarWinds',
                        'type': 'Software Company'}],
 'attack_vector': 'Cryptographic Weakness',
 'data_breach': {'type_of_data_compromised': ['database passwords',
                                              'LDAP/SMTP authentication '
                                              'secrets']},
 'description': 'SolarWinds faced a critical vulnerability in their Web Help '
                'Desk software, identified as CVE-2024-28989, which allowed '
                'attackers to decrypt stored credentials due to cryptographic '
                'weaknesses in the AES-GCM implementation. Though patched in '
                'version 12.8.5, the flaw was critical because it stemmed from '
                'the use of predictable encryption keys and nonce reuse, '
                'potentially leading to the decryption of sensitive '
                'information such as database passwords and LDAP/SMTP '
                'authentication secrets. This vulnerability was addressed '
                'quickly by SolarWinds, but highlighted the importance of '
                'robust cryptographic practices.',
 'impact': {'data_compromised': ['database passwords',
                                 'LDAP/SMTP authentication secrets'],
            'systems_affected': 'Web Help Desk software'},
 'lessons_learned': 'Highlighted the importance of robust cryptographic '
                    'practices.',
 'post_incident_analysis': {'corrective_actions': 'Patched in version 12.8.5',
                            'root_causes': 'Use of predictable encryption keys '
                                           'and nonce reuse'},
 'response': {'remediation_measures': 'Patched in version 12.8.5'},
 'title': 'SolarWinds Web Help Desk Vulnerability',
 'type': 'Vulnerability Exploit',
 'vulnerability_exploited': 'CVE-2024-28989'}