M4 Project enigma-suite Windows Client Default Account
Local Access Required,
Local / Remote
Loss of Integrity
By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system.
Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.