SolarWinds left critical hardcoded credentials in its Web Help Desk product

SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable instances, access internal functionality, and modify sensitive data. The software maker has now issued an update to address that critical oversight; users are encouraged to install the fix, which presumably removes the baked-in creds. The security blunder, tracked as CVE-2024-28987, received a 9.1-out-of-10 CVSS severity rating.

Source: The Register

 

