Comment: Good lesson for everyone! (Score 2, Informative) 83
"Once they were let loose, the team members quickly found and "owned" routers, osCommerce sites, and Linux servers simply because the systems were still using default accounts. Unfortunately, this is a real world problem that has turned more than one company into a victim. Or to put it another way, why attempt to locate and exploit a DCOMRPC vulnerability when the password to the Administrator account is blank!"
It should be a good lesson for all including the company & students that this "small" thing is among the vital concern.