This issue has been resolved on September 13, 2021. When running multiple active sessions in separate browser windows, it was observed that a password or email address could be changed without terminating the user session. The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate the user session upon a password or email address change.

With these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of users or insert arbitrary data into the database. Hard-coded credentials were discovered in the SolarWinds Web Help Desk product.

SolarWinds recommends scheduling an update to the latest version of Serv-U to ensure proper input validation is completed in all environments. Please note: no downstream effect has been detected, as the LDAP servers ignored improper characters. SolarWinds has updated the input mechanism to perform additional validation and sanitization. The Serv-U web login screen for LDAP authentication was allowing characters that were not sufficiently sanitized.

SolarWinds has removed this input field to prevent the misuse of this input in the future. SolarWinds received a report of a vulnerability related to an input that was not sanitized in WebHelpDesk.