This is the problem that will not go away. I was in the discussion with a Security Engineer from a major vendor who happens to be the number one vendor in their space. He informed me that I could not change the password on a security appliance and to leave it at default.
So the hacker in me quickly thought that if I did a banner grab for this vendor's appliance across an enterprise I could compromise this device where ever it existed. This appliance is highly deployed, so it is a bit scary to me. The fact that it came from a major "security vendor" was even worse.
This is Security 101 here :(
The reason he said that you couldn't change the password was, "It's an appliance!". I'm like, "Okay????".
This goes to all vendors, administrators, and security professionals.
DEFAULT PASSWORDS ARE NEVER A GOOD THING !!!!!!!!!!!!!
Sorry for shouting. :)