APC vulnerability

Feb 18, 2004 02:48

Yeah, I know, this isn't a customer - but this is even more stupid than my customers.

Amateur Pubescent Coders decided that storing username and password pairs was best done in... plain text. I don't care that it is stored locally on an EEPROM that nobody has access to; you still don't store them in plaintext, you always use a one-way hash.

Arseholes Peddling Crack also decided to put a backdoor password in to facilitate factory configuration (change MAC address, display EEPROM contents, that sort of thing). They never change this password, and use it across the whole product range. I don't care how secret you're going to keep it; it's for factory config, so you put a jumper on the board that has to be closed before the password is looked for.

Put the two together and even a web designer could have told you it might not be the best security plan.
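The two fixes the post asks for, as an added example that is not from the post or from the vendor: a credential record holding only a random salt and a one-way hash (PBKDF2-HMAC-SHA256 here) instead of the password, and a factory-configuration login that is not even consulted unless the board jumper is closed. The EEPROM record is modelled as a Python dict and the jumper as a boolean input; both are stand-ins, not real hardware access.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # work factor; raise as the hardware allows


def make_record(username: str, password: str) -> dict:
    """Build the record to burn into EEPROM: salt + digest, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"user": username, "salt": salt, "hash": digest}


def check_password(record: dict, password: str) -> bool:
    """Recompute the one-way hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate, record["hash"])


def login(store: dict, username: str, password: str) -> bool:
    """Normal user login against the constructed credential store."""
    record = store.get(username)
    if record is None:
        # Burn the same work for an unknown user so timing does not reveal
        # which usernames exist.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, PBKDF2_ROUNDS)
        return False
    return check_password(record, password)


def factory_login(jumper_closed: bool, factory_record: dict, password: str) -> bool:
    """Factory-config login (hypothetical): the password is only looked at
    while the jumper is physically closed, so it is unreachable otherwise."""
    if not jumper_closed:
        return False
    return check_password(factory_record, password)
```

Even with the jumper gate, the factory record should still be hashed and should differ per unit or batch rather than being shared across the product range.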