In 2020, it was discovered that a piece of software by IT company SolarWinds contained a back door that was abused by attackers. Part of the attack involved downloading a malicious software update. The password for the FTP server containing those updates was “solarwinds123” (at least, at some point in 2019). Famously, the CEO blamed it on “an intern.”
A security researcher found this password in a public GitHub repository belonging to the company (see http://mng.bz/1oBj for background information on the attack and its aftermath). We will discuss secure passwords in the next chapter, but this chapter will focus on better ways to store secrets, such as passwords, within an application. There does not seem to be an obvious, simple solution for this task, as numerous examples prove: