by JohnMakin 1003 days ago
It’s easy.

“ugh, this thing needs to get out by end of week and I can’t scope this key properly, nothing’s working with it.”

“just give it admin privileges and we’ll fix it later”

Sometimes they’ll put a short TTL on it, aware of the risk. Then something major breaks a few months later, it gets a 15-year expiry, and it is never remediated.

It’s common because it’s tempting and easy to tell yourself you’ll fix it later, refactor, etc. But then people leave, stuff gets dropped, and security is very rarely a priority in most orgs - let alone remediation of old security issues.