"For years, NASA employees and research collaborators thought they were simply sharing software with colleagues. Instead, they were emailing sensitive defense technology to a Chinese national who was impersonating U.S. engineers."
A Common Vulnerability Exposure (CVE) that cannot reach the privilege plane is operationally ineffective - even at a CVSS Score of 10. This should be a core philosophy that is embedded into the fabric of software engineering.
The client wanted to 'keep things simple' for their team, so they used the same administrative password for both staging and production environments. That password was the hard-to-guess combination of 'admin123.'