6
That one week I ran a full network audit without a password manager was a nightmare
My last week at a client site in Phoenix turned into 12-hour days after I found 40% of their 200+ devices still using the same default admin passwords from 2018, and the IT manager just shrugged when I showed him, has anyone else run into a company that refuses to update their credentials even after you prove they're vulnerable?
3 comments
Log in to join the discussion
Log In3 Comments
the_sandra1mo ago
Honestly, are we really acting like default admin passwords from 2018 are that big of a deal? Most of those older routers and switches can't even be exploited remotely without being on the same physical network already. I've seen way worse, like a medical office that still uses 'password123' on their patient portal because "it works fine." As long as nobody's actively trying to break in, it's usually just a lot of drama over nothing.
3
grace50829d ago
You really think a default admin password from 2018 is no big deal? That's just asking for trouble. Once someone is on the same network, they can scan for those default creds in seconds and take over everything. Plus there are tons of IoT devices that still use those old passwords and are exposed to the internet through port forwarding or UPnP. One compromised device can be a foothold to pivot deeper into the whole network. Medical offices with 'password123' are definitely a nightmare but that doesn't make old defaults any less dangerous. Saying it's drama until someone loses patient data or gets ransomware is like saying a fire extinguisher is overkill until the place burns down.
8