It is a bad idea for your help desk or app admins to give everybody the same new default password. Each one should be unique.
“... Just managed to get 150 accounts including 1 domain admin by spraying the company's default password, and it takes all the fun out of the pen test...”
https://twitter.com/cl0ckw3rksec/status/977541903955742720?s=21
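As an added example (not from the original post or the quoted tweet), the sketch below shows the two defender-side halves of this advice: issuing an independent random temporary password per account, and auditing a credential export for accounts that still share one password. The function names and the sample export are hypothetical, and the audit assumes unsalted hashes, so identical passwords produce identical hashes; SHA-256 stands in for the real hash format here.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Letters and digits only, so a password can be read out over the phone.
ALPHABET = string.ascii_letters + string.digits


def issue_temp_passwords(usernames, length=16):
    """Return {username: password}, one independent random password per account."""
    issued, seen = {}, set()
    for user in usernames:
        while True:
            candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
            if candidate not in seen:  # a collision is astronomically unlikely, but cheap to rule out
                break
        seen.add(candidate)
        issued[user] = candidate
    return issued


def shared_password_groups(hash_by_user, min_size=2):
    """Group accounts whose stored hash is identical, largest group first.

    Only meaningful for unsalted hashes: with per-user salts, equal
    passwords no longer yield equal hashes.
    """
    groups = defaultdict(list)
    for user, digest in hash_by_user.items():
        groups[digest.lower()].append(user)
    shared = [sorted(users) for users in groups.values() if len(users) >= min_size]
    return sorted(shared, key=len, reverse=True)


def _h(password):
    # Stand-in digest for the constructed sample below.
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed sample export: three accounts left on the same default password.
SAMPLE_EXPORT = {
    "alice": _h("Example-Default-1"),
    "bob": _h("Example-Default-1"),
    "svc_backup": _h("Example-Default-1"),
    "carol": _h("x7Qm2LrT9vKp4ZsB"),
}

if __name__ == "__main__":
    for group in shared_password_groups(SAMPLE_EXPORT):
        print(f"{len(group)} accounts share one password: {', '.join(group)}")
    print(issue_temp_passwords(["dave", "erin"]))
```

Any group the audit reports is a set of accounts that fall together to a single guessed password, so each member should be reset to its own value and forced to change it at next logon.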