ePrivacy and GPDR Cookie Consent by Cookie Consent
Testing Default User Name/Password – Digitalmunition




Home Forums Testing Default User Name/Password

This topic contains 0 replies, has 1 voice, and was last updated by  BrianMiz 8 months ago.

  • Author
    Posts
  • #182417

    BrianMiz
    Member

    Posted this in r/legal and did not get an answer. Hoping to get one here. I’ve run into this issue a few times. There is a medical website app with an effectively HARDCODED password. Unless you know what you are doing it’s impossible to change ie you have to edit the db directly. I am not an active ethical hacker so am not familiar with the laws. I have tried googling this without success. If you have a manual I will rtfm. Just provide a link.

    ​

    Post from r/legal

    Hypothetically speaking I strongly suspect a medical website is accessible via default user name and password. Is it legal to verify if a said site is accessible via default user name and password? Assuming it is I am assuming you should follow the data breach laws as stated here: [https://info.digitalguardian.com/rs/768-OQW-145/images/the-definitive-guide-to-us-state-data-breach-laws.pdf](https://info.digitalguardian.com/rs/768-OQW-145/images/the-definitive-guide-to-us-state-data-breach-laws.pdf) Hypothetically guidance is welcome.

    Thank you,
    Mr. Throwaway733142

You must be logged in to reply to this topic.