SolarWinds
SolarWinds faced a critical vulnerability in its Web Help Desk software, identified as CVE-2024-28989, which allowed attackers to decrypt stored credentials because of cryptographic weaknesses in the AES-GCM implementation. The flaw, patched in version 12.8.5, was critical because it stemmed from the use of predictable encryption keys and nonce reuse, potentially leading to the decryption of sensitive information such as database passwords and LDAP/SMTP authentication secrets. SolarWinds addressed the vulnerability quickly, but it highlighted the importance of robust cryptographic practices.
Source: https://cybersecuritynews.com/solar-winds-web-help-desk-vulnerability/
"id": "sol409031225",
"linkid": "solarwinds",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"