("admin/admin" or similar). If these aren't changed, an opponent can literally just log in. The Mirai botnet inside 2016 famously attacked millions of IoT devices by just trying a listing of default passwords for devices like routers plus cameras, since customers rarely changed these people. - Directory listing enabled on the web server, exposing almost all files if zero index page is usually present. This may well reveal sensitive data files. - Leaving debug mode or verbose error messages on in production. Debug pages can supply a wealth inv
Me gusta
Comentario
Compartir
