Using embedded credentials makes it easy to install devices in large volumes, but the important point to remember is that the passwords have to be changed later. Otherwise, they pose security risks. Unless the code is encrypted, the credentials can be read by anyone.
Not too long ago we read about Fortinet’s use of hard-coded passwords in their firewall appliances. The company explained that the issue was resolved.
However, it appears that an investigation the security firm conducted after the initial debacle found versions of FortiSwitch, FortiAnalyzer and FortiCache that were also plagued by the same flaw.
Fortinet’s incident response team said in a blog, “In accordance with responsible disclosure, today we have issued a security advisory that provides a software update that eliminates this vulnerability in these products. This update also covers the legacy and end-of-life products listed above.”