PT-2018-13751 · Solarwinds · Solarwinds Sftp/Scp Server

Alex Craggs · Published 2018-12-05 · Updated 2019-10-03 · CVE-2018-16791

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SolarWinds SFTP/SCP Server versions prior to 2018-09-10

Description

The configuration file of the affected software is world readable and writable, storing user passwords insecurely. This allows an attacker to determine passwords for potentially privileged accounts and grants the ability to backdoor the server.

Recommendations

For versions prior to 2018-09-10, restrict access to the configuration file to prevent unauthorized modifications and reading of sensitive information. As a temporary workaround, consider implementing additional access controls to limit the potential impact of the insecure password storage.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2018-16791

Affected Products

Solarwinds Sftp/Scp Server