Hidden ‘backdoor’ in Dell security software gives hackers full access

Security researchers from Digital Defense, a Texas-based security firm, have found not one but six critical vulnerabilities in Dell security management software which could allow potential hackers to remotely take over the system.

The researchers said that one of the most “critical” flaws involves a hidden default account aka ‘backdoor’ with an easily-guessable password in Dell’s Sonicwall Global Management System (GMS), a widely-used software used to centrally monitor and manage an enterprise’s array of networked security devices. The researchers found that this password could be easily exploited to gain”full control” of the software and all connected appliances, such as virtual private networking (VPN) appliances and firewalls.

The researchers have put forward their findings in an advisory. The researchers said that these are critical vulnerabilities but they have found no evidence to suggest that these flaws have been exploited by hackers in the wild.

They have already notified Dell who has said that its most recent versions of the GMS software — versions 8.0 and 8.1 are affected. The company has issued patches and a security advisory, in which Dell said that it “highly recommends” that admins install the hotfix, available from its support pages.

A Dell spokesperson was unavailable for comment.