of default passwords
all default passwords and in cleartext in web.conf
yeah, but vaultsys who is sysadmin on the sql server is in the webconfig.
There is also an issue when using non-default SA passwords and using a backup script (connectivity.ADMSconsole). The SA password is exposed in the backup script in plain text - which is a security issue.