A few months ago a third party installed a server in our network. Because we, the IT department, were not actively involved in this, I decided to screen the systems myself. After all, our department had full responsibility for these systems, even though we did not know anything about them.
So I started nmap and scanned the host. Several ports were open, so I decided to go a little further and see what programs were running on these ports and their version numbers, to see if there was an exploit for them. It was a relief to notice I could not find an exploit for any of the services that were running. But when I looked closer I noticed something strange: one of the ports that were open was the rsync port. Because the system was used by Windows software which would connect to it and plot some graphs, I wondered why it would need rsync.
I then connected with an rsync client to the port and fetched the list of modules to my laptop. When trying to connect to one of the modules it strictly prohibited me from fetching the data in it, but the second was unfortunately less secure: it would let me download all data contained in the module to my laptop, the same data that was needed to plot the graphs in the client software.
After notifying the third party supplier of this fact, they released a patch which fixed the problem.