("admin/admin" or similar). If these aren't changed, an attacker can simply log in. The Mirai botnet in 2016 famously infected millions of IoT devices by just trying a list of default passwords for devices like routers and cameras, since users rarely changed them.
- Directory listing enabled on the web server, exposing the directory's files if no index page is present. This might reveal sensitive documents.
- Leaving debug mode or verbose error messages on in production. Debug pages can give a wealth of info (stack traces, d