A field-manager user account at a well-fortified Fortune 500 financial services firm was all it took for penetration testers to gain access to the otherwise well-secured network. The field-technician account is even more potent than an admin account, says Rob Havelt, director of penetration testing for Trustwave SpiderLabs. Havelt says he and his team employed the forgotten user account, which had an old default password, to get in and clone the firm’s help-desk voicemail.
Source: https://www.darkreading.com/attacks-breaches/strange-but-true-penetration-testing-stories