- Found the password; it was a Caesar 9 cipher. Tried the login on all public account names. Got in with arodriguez.
- When I was testing passwords on all the users
- 7, because I agree with CVSS, but I believe that it can be avoided with good configuration, so I think their score of 7.5 is too high.
- They did not want to pay for security, and they believed in security by obscurity.
- I disagree, as there is no such thing as an internal problem only. I also believe that security by obscurity is an incorrect assumption. Also, a bad actor will lose them more money than losing the contract.
- Security by obscurity (Changed port)
- No, this is because, yet again, security by obscurity is not an effective strategy. They could have implemented a system in which they separated their internal networks.
- No. You should just solve vulnerabilities when you have a way to do so, like this company.
- Medium risk is as high as I would go with acceptance; this is related to the fact that you can push risk onto other people using contractors. Higher than that is negligent.
- The only person who can accept the fault is Sarah Johnson, because she approved/accepted the risk.