@tbr okay I am going to say this: default credentials should always be randomly generated on deploy. As in, yes, it is the sysadmin's responsibility to change them, *but* the software should also not set admin:admin and such.
Defense in depth.
Don't have an account? You can sign up here