I have nothing to prove except 4 years ago the admin user name was jumpstrt and the password was 66rgb*** which was a local admin login to any government terminal in NZ. Any admin working there knows i am telling the truth and as far as I believe the XML file in the screenshot there probably says the same thing. I reckon they shoulda employed me. I would have locked it down tight.
4 years ago I was unemployed fresh out of a job and found myself in WINZ. Being bored of having to attend the weekly sessions having nothing better to do tried to see how 'secure' the terminals were. I was able to get an explorer shell and from there text editor and then start a command prompt. Long story short i downloaded 5000 files to my USB pen which contained personal phone numbers email addresses work history's DOB etc. I also copied the entire login script directory and later on reverse engineered the script to get the domain credentials. This means at any computer terminal in NZ WINZ or government department I can logon as admin. Anyway just letting you all know that all the NZ government departments are linked including student job services, NZ justice etc.
You exposing the weakness finally and there is a very simple reg hack that could have prevented it.
Bit disappointed that the client files i have now are not worth any glory. heh.