Privacy Ninja

SolarWinds Patches Critical Vulnerabilities In The Orion Platform

Even with the security updates prompted by the recent SolarWinds Orion supply-chain attack, researchers still found some glaring vulnerabilities affecting the platform, one of them allowing code execution with top privileges.

Three issues have been found, two of them exploitable by a local attacker. A third one, the most severe of all, allows a remote, unprivileged actor to take control of the Orion platform.

Taking control of the platform

The vulnerabilities have been discovered and reported to SolarWinds by Martin Rakhmanov, Security Research Manager, SpiderLabs at Trustwave, and have proof-of-concept (PoC) exploit code available.

The researcher did not publish the demo code with the report today, to give users more time to install the official patches from SolarWinds. However, the grace period expires on February 9, when the PoCs for all three vulnerabilities will be made publicly available.

Analyzing a demo copy of the SolarWinds Orion software, Rakhmanov noticed that it uses the Microsoft Message Queue (MSMQ) technology and started to poke around.

He noticed that the SolarWinds Orion Collector service relies heavily on MSMQ, with a large list of private queues available, all of them unauthenticated.

This means that unauthenticated users can send messages to the queues over TCP port 1801, the researcher explains. Due to an insecure deserialization, an unprivileged user can execute arbitrary code remotely.

“Given that the message processing code runs as a Windows service configured to use LocalSystem account, we have complete control of the underlying operating system” – Martin Rakhmanov

SolarWinds addressed this issue (CVE-2021-25274) by adding a digital signature validation step when new messages arrive. Without a valid signature, messages are no longer processed. MSMQ, though, remains unauthenticated and can receive messages from anyone.
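The fix described above, validating a signature before any message is deserialised, as an added illustration that is not SolarWinds' code: it uses HMAC over a constructed shared key as a stand-in for the real digital signature, JSON in place of the .NET deserializer, and constructed queue traffic, and contrasts the pre-patch "deserialise everything" behaviour with the patched check.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real fix signs with a private key and verifies with
# the matching public key rather than a shared secret.
SIGNING_KEY = b"constructed-demo-signing-key"

class RejectedMessage(Exception):
    """Raised when a queue message fails signature validation."""

def sign(key: bytes, body: bytes) -> bytes:
    """Signature a legitimate Orion component would attach to a message."""
    return hmac.new(key, body, hashlib.sha256).digest()

def process_unpatched(messages):
    """Pre-patch behaviour: everything that arrives is deserialised, so anyone
    who can reach the unauthenticated queue controls the deserializer's input."""
    return [json.loads(body) for body, _sig in messages]

def verify_and_parse(key: bytes, body: bytes, signature: bytes) -> dict:
    """Patched behaviour: check the signature over the raw bytes first; only
    bytes that pass ever reach the deserializer (json stands in for .NET)."""
    if not hmac.compare_digest(sign(key, body), signature):
        raise RejectedMessage("invalid signature: message discarded")
    return json.loads(body)

def process_patched(key: bytes, messages):
    """Return (accepted messages, number of messages rejected)."""
    accepted, rejected = [], 0
    for body, sig in messages:
        try:
            accepted.append(verify_and_parse(key, body, sig))
        except RejectedMessage:
            rejected += 1
    return accepted, rejected

def build_sample_messages():
    """Constructed queue traffic: one genuine message, one unsigned message from
    an arbitrary sender, and one genuine message altered after signing."""
    genuine = b'{"type": "collector.metrics", "value": 1}'
    unsigned = b'{"type": "collector.metrics", "value": 2}'
    altered = genuine.replace(b'"value": 1', b'"value": 999')
    return [(genuine, sign(SIGNING_KEY, genuine)),
            (unsigned, b""),
            (altered, sign(SIGNING_KEY, genuine))]

if __name__ == "__main__":
    msgs = build_sample_messages()
    print("unpatched deserialised:", len(process_unpatched(msgs)))
    ok, dropped = process_patched(SIGNING_KEY, msgs)
    print("patched deserialised:", len(ok), "rejected:", dropped)
```

Because the queue itself stays unauthenticated, as the article notes, the signature check is the only gate between network input and the deserializer, which is why it must run on the raw bytes before parsing rather than after.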

Easy-to-grab database creds

A second vulnerability (CVE-2021-25275) that Rakhmanov discovered was that the credentials for the Orion backend database were insufficiently protected and local users had unrestricted access to them.

The researcher found the sensitive data in the SOLARWINDS_ORION configuration file that could be read by locally authenticated users.

The credentials are not in plain text and the researcher had to find the code that decrypted them. According to Rakhmanov, this was not a difficult task and could be achieved with only one line of code.

“In the end, unprivileged users who can log in to the box locally or via RDP will be able to run decrypting code and get a cleartext password for the SolarWindsOrionDatabaseUser” – Martin Rakhmanov

After authenticating to the Microsoft SQL Server with the recovered credentials, a threat actor would have complete control over the SolarWinds Orion database and could steal information or add admin-level users.

Unrestricted local access to FTP

The third vulnerability (CVE-2021-25276) is in the SolarWinds Serv-U FTP Server. The researcher discovered that the accounts are stored in separate files on the disk and that an authenticated user has access to them.

“Directory access control lists allow complete compromise by any authenticated Windows user. Specifically, anyone who can log in locally or via Remote Desktop can just drop a file that defines a new user, and the Serv-U FTP will automatically pick it up” – Martin Rakhmanov

The FTP server runs with LocalSystem permissions, so by creating an admin account, an attacker could set the home directory to the root of the system drive and thus open the door to read or replace any file there.

Trustwave’s SpiderLabs started to disclose the vulnerabilities to SolarWinds on December 30, 2020, and by January 25, 2021, the software maker had rolled out patches for all of them.

Administrators can get the fixes by installing Orion Platform 2020.2.4 and by applying Hotfix 1 for Serv-U FTP 15.2.2.
