SolarWinds Web Help Desk Vulnerability Let Hackers Access Stored Passwords – PoC Released

A critical vulnerability in SolarWinds’ Web Help Desk software (CVE-2024-28989) allowed attackers to decrypt sensitive credentials, including database passwords and LDAP/SMTP authentication secrets, through cryptographic weaknesses in its AES-GCM implementation. Patched in version 12.8.5, the flaw stemmed from predictable encryption keys and nonce reuse, enabling practical decryption of stored secrets even without direct system access. […]

The post SolarWinds Web Help Desk Vulnerability Let Hackers Access Stored Passwords – PoC Released appeared first on Cyber Security News.
