The report doesn't appear to mention that you could just login to their web portal with an obvious password [1]. That was a different portal and a different breach.
Maybe the cert on the web server was updated, but the private key for the updated cert was never copied to the SSL Visibility Appliance?
Legacy systems are a red herring. It's just a way to shift blame to predecessors.
The report doesn't appear to mention that you could just login to their web portal with an obvious password [1]. That was a different portal and a different breach.
Maybe the cert on the web server was updated, but the private key for the updated cert was never copied to the SSL Visibility Appliance?
Legacy systems are a red herring. It's just a way to shift blame to predecessors.