A Series of Unfortunate Events | Sword & Shield Enterprise Security, Inc.

By Mike S

Those Sword and Shield guys are pretty clever!

via A Series of Unfortunate Events | Sword & Shield Enterprise Security, Inc.:

First, I scanned the network with Nessus and did not find any easily exploited vulnerabilities, but I did find a medium-risk vulnerability showing unauthenticated access to multiple NFS shares (Nessus ID 42256). Browsing the shares, I found a backup copy of the client’s public web site, which was developed using Visual Studio. Visual Studio stores database connection strings, including plaintext passwords, in .config files. Using the command grep -r connectionStrings= at the root of the source directory, I found multiple connection strings that used three different database passwords.
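The same check can be run by the site's owner over its own source and backup trees before they reach a share. The script below is an added example, not code from the quoted article: it lists connection-string entries that embed a password without echoing the password, and skips sections that carry a configProtectionProvider attribute. The sample Web.config, the entry names and the helper names are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

PASSWORD_KEYS = {"password", "pwd"}  # keys that embed a credential

# Constructed sample, not taken from the engagement described above.
SAMPLE = """<configuration>
  <connectionStrings>
    <add name="SiteDb" connectionString="Server=db01;Database=site;User ID=webapp;Password=EXAMPLE-ONLY" />
    <add name="Reports" connectionString="Server=db01;Database=rpt;Integrated Security=SSPI" />
  </connectionStrings>
</configuration>"""

def parse_connection_string(value):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    parts = (p.partition("=") for p in value.split(";"))
    return {k.strip().lower(): v.strip() for k, sep, v in parts if sep}

def audit_config(path):
    """List entries with an embedded password; the password is never returned."""
    findings = []
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return findings  # unreadable or not XML
    for section in root.iter():
        # Compare local names so a namespaced <configuration> still matches.
        if section.tag.rsplit("}", 1)[-1] != "connectionStrings":
            continue
        if section.get("configProtectionProvider"):
            continue  # section is encrypted with a protected-configuration provider
        for add in section:
            fields = parse_connection_string(add.get("connectionString", ""))
            if PASSWORD_KEYS.intersection(fields):
                user = fields.get("user id") or fields.get("uid", "")
                findings.append({"file": path, "name": add.get("name"), "user": user})
    return findings

def audit_tree(root_dir):
    """Walk a source or backup tree and audit every *.config file in it."""
    return [f for d, _, names in os.walk(root_dir) for n in sorted(names)
            if n.lower().endswith(".config") for f in audit_config(os.path.join(d, n))]

def demo():
    """Write the constructed sample to a temporary tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "Web.config"), "w") as fh:
            fh.write(SAMPLE)
        return audit_tree(tmp)
```

Calling audit_tree() on a real source or backup directory returns one record per exposed entry; the "Reports" entry in the sample is not reported because it uses integrated authentication and carries no password.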


Category: News, Security | Date: May 31st, 2012
