A security analyst was able to find hard-coded credentials, including a username and password, in a mobile app's plist file. These credentials were then used to gain access to a server with an open manager console.