A critical, hardcoded credential bug in SolarWinds’ Web Help Desk products has been found and exploited by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the flaw to its Known Exploited Vulnerabilities Catalog. This 9.1 CVSS-rated flaw allows remote, unauthenticated attackers to log into vulnerable instances via these baked-in creds, and then access internal functionality and modify sensitive data.

Source: The Register