back to article Fistful of flaws blow away SolarWinds network appliances

Admins of SolarWinds system management systems can block out a biggish chunk of their diaries to implement a bunch of serious patches. There are five bugs of varying seriousness in the company's Log and Event Manager appliance discovered by KoreLogic and posted to Full Disclosure. Four of the bugs depend on an attacker …

  1. Anonymous Coward

    Dear Devlopers

    Can you set your appliance to disable all connections in by default allowing only one or two e.g. https / ssh before shipping.

    Upon first login ALL passwords for these ports must be changed before setup can be completed. Once in, before enabling any additional connection ports, a password MUST be entered.


    The World.

  2. Anonymous Coward
    Anonymous Coward

    Memo to SolarWinds developers

    Please stay with Windows. Linux is too difficult for you.

  3. John Smith 19 Gold badge

    Disabling default logins <> running full patch.

    Likewise not having an IPv6 connection is not the same as not having a vulnerability ready to be used.

    Sadly I suspect some sysadmins may feel that is all that is necessary in these cases.

  4. Anonymous Coward

    The default password for the cmc user is password

    'Should an attacker gain access to the SSH console for the cmc user, root access to the underlying operating system can be achieved. The default password for the cmc user is "password".' script

    Good Grief !!!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like