On Tue, 5 Aug 2014, CSSU NetAdmin wrote: > acknowledged this issue but a fix wasn't in the offing. Their solution was > to restrict access to the management webpage from specific machines by IP > or disable the web page. > > Am I nuts or is this a giant security issue?
Most of those machines you have to sandbox to get much security on the network side. I have also come in and they have setup the scanning to peoples computers with open network shares on their machines. It wouldn't take them but a minute more to put login credentials on those. Pretty typical, but just not kosher.
