- January 25, 2020 at 4:29 am #182417
Posted this in r/legal and did not get an answer. Hoping to get one here. I’ve run into this issue a few times. There is a medical website app with an effectively HARDCODED password. Unless you know what you are doing, it’s impossible to change, i.e., you have to edit the db directly. I am not an active ethical hacker, so I am not familiar with the laws. I have tried googling this without success. If you have a manual, I will rtfm. Just provide a link.
Post from r/legal
Hypothetically speaking, I strongly suspect a medical website is accessible via default user name and password. Is it legal to verify if said site is accessible via default user name and password? Assuming it is, I am assuming you should follow the data breach laws as stated here: [https://info.digitalguardian.com/rs/768-OQW-145/images/the-definitive-guide-to-us-state-data-breach-laws.pdf](https://info.digitalguardian.com/rs/768-OQW-145/images/the-definitive-guide-to-us-state-data-breach-laws.pdf) Hypothetically guidance is welcome.