Google dorks & database passwords

Google Dork

A Google dork is an employee who unknowingly exposes sensitive corporate information on the Internet. The word dork is slang for a slow-witted or inept person.

Visma

I get tips, hints & examples of bad security every so often. The other day I was tipped about this page from software giant Visma. The page provides documentation on a payroll system they provide, and using MSSQL they state sa as the standard account to use, and Visma123@ as the standard password. Based on its length and complexity, the password is compliant with standard Microsoft Windows settings, PCI-DSS and other "best practice" recommendations. I still hope & believe you will agree with me that it's not a good password, that it's even worse as a default password, and that it shouldn't be included in publicly available online documentation.

Most importantly, there should preferably never be any 'default' passwords at all, but instead a function requiring a password to be set before remote access is allowed and/or before the system works as expected.
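To make the two points above concrete, here is an added example (my own illustration, not code from Visma or any of the vendors mentioned on this page). It approximates the classic Windows "password must meet complexity requirements" rule (assumed here as: at least 8 characters and 3 of 4 character classes), shows that the documented defaults sail through it, and then rejects them anyway because they match a blocklist of published defaults or contain the vendor name. The second half models the install-time gate the paragraph asks for: remote access stays off until a non-default sa password has been set. The blocklist, vendor names and the InstallGate class are constructed for the example.

```python
import re

# Constructed blocklist: the default passwords quoted in this post plus a
# couple of generic ones. A real deployment would load a much longer list.
KNOWN_DEFAULTS = {"visma123@", "abab12uni", "velkommen", "password", "sa"}


def meets_windows_complexity(pw: str, min_len: int = 8) -> bool:
    """Assumed approximation of the Windows complexity policy:
    minimum length and at least three of the four character classes."""
    if len(pw) < min_len:
        return False
    classes = [
        bool(re.search(r"[A-Z]", pw)),
        bool(re.search(r"[a-z]", pw)),
        bool(re.search(r"[0-9]", pw)),
        bool(re.search(r"[^A-Za-z0-9]", pw)),
    ]
    return sum(classes) >= 3


def contains_product_name(pw: str, product_names) -> bool:
    """True if any word of a vendor/product name appears in the password."""
    low = pw.lower()
    return any(token.lower() in low
               for name in product_names for token in name.split())


def assess(pw: str, product_names=()) -> list:
    """Return a list of findings; an empty list means the password passed.
    Complexity alone is not enough: a documented default fails regardless."""
    findings = []
    if not meets_windows_complexity(pw):
        findings.append("fails complexity policy")
    if pw.lower() in KNOWN_DEFAULTS:
        findings.append("matches a published default password")
    if contains_product_name(pw, product_names):
        findings.append("contains the product/vendor name")
    return findings


class InstallGate:
    """Hypothetical first-run setup: no password is shipped, and remote
    access cannot be enabled until an operator sets an acceptable one."""

    def __init__(self, product_names=()):
        self.product_names = product_names
        self.sa_password = None
        self.remote_access = False

    def set_sa_password(self, pw: str) -> None:
        problems = assess(pw, self.product_names)
        if problems:
            raise ValueError("rejected sa password: " + "; ".join(problems))
        self.sa_password = pw

    def enable_remote_access(self) -> bool:
        if self.sa_password is None:
            raise RuntimeError(
                "set a non-default sa password before enabling remote access")
        self.remote_access = True
        return True


if __name__ == "__main__":
    for pw, vendor in [("Visma123@", ["Visma"]),
                       ("abab12UNI", ["Uni Micro"]),
                       ("velkommen", ["Physica"])]:
        print(pw, "complexity ok:", meets_windows_complexity(pw),
              "findings:", assess(pw, vendor))
```

Note that two of the three documented defaults pass the complexity check, which is exactly why a policy built only on length and character classes gives false comfort; the blocklist and the "no remote access until set" gate are what actually remove the documented-default problem.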

So should I report the above to the company? Well, what should I report to them? That they have intentionally created a bad default MSSQL SA password, and documented it online for the world to see? They are probably aware of it; at least somebody at the company is.

So I did a quick Google search.

unimicro

Say hello to Uni Micro financial systems, a company that makes financial systems and has its documentation online. The default is to use the sa account in MSSQL, with default password abab12UNI.

PHYSICA

A health journaling system. "Secure" is one of the many words used on their front page, and they have documentation online as well. The default user is the sa account in MSSQL, with default password velkommen. Yes, that is "welcome" in English.

—————————

I looked at several other hits in my search, and I realized I should end this post before I started banging my head against the desk too hard. As I've said for years, a main concern with passwords is product & service providers that don't properly protect the passwords in their systems. A simple Google search gives you more than enough information to probably gain access to a lot of systems & information you are not authorized to access, and that may represent great risk to lots of people.