Why go to the effort of backdooring code when devs will basically do it for you accidentally anyway
SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable instances, access internal functionality, and modify sensitive data…
This article has been indexed from The Register – Security