28
My company's IT guy left a default admin password on our server for 3 years
I was working late at our office in Austin last Tuesday when I noticed our server dashboard had no login restrictions (yeah, scary). Turns out the previous IT admin set it up with 'admin123' in 2021 and never changed it, not a single time. I found out because I accidentally stumbled into the config panel while troubleshooting a slow network issue. I immediately locked it down with a 16-character randomized password and forced 2FA for everyone. Has anyone else found stuff like this at their job and did you report it or just fix it quietly?
2 comments
the_shane 3d ago
Found the same thing at a manufacturing plant a couple years back. Server login was literally 'password' and IT swore it was fine because "nobody knows the IP." Fixed it myself, changed credentials and set up 2FA, then sent a brief email to my manager saying I discovered a security risk and resolved it. Didn't name names or make a big deal about it. That got me a meeting with the VP, who was actually grateful I handled it quietly instead of making the old guy look bad. Ended up getting a small bonus for catching it. Sometimes just fixing it and moving on is the smarter play, especially if you don't want drama.
4
milesrobinson 3d ago
Yeah man, I used to think you had to make a big stink about stuff like that. Public accountability and all that. Reading this actually changed my mind though, handling it quiet like that gets way more done and saves everyone the headache.
2