The problematic password “solarwinds123” was discovered on the public Internet in 2019 by an independent security researcher who warned the company that the vulnerability had exposed the SolarWinds file server.
During a joint hearing of the U.S. Housing Supervision Commission and the Homeland Security Council on Friday, several members of Congress pressed SolarWinds over the password.
Rep. Katie Porter said: “I have a stronger password than ‘solarwinds123’, which prevents my kids from watching too much YouTube on the iPad. You and your company should block Russians from reading the email from the Department of Defense!”
Microsoft President Brad Smith also testified at Friday’
Smith said to Porter: “As far as I know, there is no sign that the Department of Defense has been attacked.”
SolarWinds representatives told members of Congress on Friday that once the password issue was reported, it was corrected within a few days.
Theft of credentials is one of the three possible attack vectors SolarWinds is investigating as it tries to discover how it was initially hacked. The hackers went on to hide malicious code in software updates, which SolarWinds then pushed to approximately 18,000 customers, including many federal agencies.
SolarWinds CEO Sudhakar Ramakrishna said that SolarWinds is exploring other theories, including brute-force guessing of company passwords and the possibility that hackers may have entered through infected third-party software.
The former CEO of SolarWinds, Kevin Thompson, told Rep. Rashida Tlaib that the password issue was “a mistake made by an intern.”
“They violated our password policy and posted the password on their private GitHub account,” Thompson said. “Once it was discovered and brought to the attention of my security team, they took it down.”
Neither Thompson nor Ramakrishna explained to lawmakers why the company’s technology allowed the use of such passwords in the first place.
Ramakrishna later testified that the password had been in use as early as 2017.
Ramakrishna told Porter: “I believe this is a password used by an intern on one of his GitHub servers in 2017. The password was reported to our security team and was immediately deleted.”
Emails between Kumar and SolarWinds indicated that the leaked password allowed Kumar to log in and successfully store a file on the company’s server. Kumar used this tactic to warn the company that any hacker could upload malicious programs to SolarWinds.
At the hearing, FireEye CEO Kevin Mandia said that it may not be possible to completely determine how much damage the suspected Russian hacking activity has caused.
“The most important thing is: we may never know the scope and extent of the loss, and we may never know how the information stolen will benefit the opponent,” Mandia testified.
Mandia said that in order to conduct damage assessments, officials must not only classify and catalog the data that was accessed, but must also imagine all the ways that foreign actors can use and abuse the data. This is a daunting task.