In keeping with industry best practices to help protect you and your data, users of SolarWinds® Backup will be required to enable two-factor authentication (2FA) in order to continue using the product, as of the upcoming February 13, 2021, release.
To see which of your users have already taken this step, review the user management tab:
Any users that have not already done so will be guided through 2FA configuration when they log in, beginning with this release.
SolarWinds was the victim of a cyberattack to our systems that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. This attack was very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software. In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. We’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker.
*NOTE: Please note DPAIM is an integration module and is not the same as Database Performance Analyzer (DPA), which we do not believe is affected.
SolarWinds products NOT KNOWN TO BE AFFECTED by this security vulnerability:
As an update to our previous notification, we have just received an extension on the revocation date of our current digital certificate to February 22, 2021, 11:59 PST.