SolarWinds Blame Intern for Weak Password That Led to Biggest Attack in 2020


As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.

The said password “solarwinds123” was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the misconfiguration was addressed on November 22, 2019.

But in a hearing before the House Committees on Oversight and Reform and Homeland Security on SolarWinds on Friday, CEO Sudhakar Ramakrishna testified that the password had been in use as early as 2017.

Read more…