Major Security Leak: Users with a blank password

As many of you guys know, Sitecore has some, by installation, defined users with a blank password. Never forget to change this before going live! Today again, I’ve found a website which contained an user with an empty password. When the users aren’t used, it’s even better to delete them.

In this case I’ve contacted the Sitecore HQ, and asked them to contact the implementation partner. That should be the best way.

At the office, in our Sitecore- project start-up document we’ve defined the clean up of the users and roles as one of the first steps. so these mistakes can’t be made again.