On 16 Sep 2015, at 11:51, Paul Ferguson wrote: > Please bear in mind hat the attacker *must* acquire credentials to > access the box before exploitation. And must have access to the box in order to utilize said credentials - which of course, there are BCPs intended to prevent same. ----------------------------------- Roland Dobbins <rdobbins at arbor.net>