Run across something like this with a USA based DVR "Manufacturer"
Installed DVR for client (Firewalled appropriately with no access to/from low security zones) only to have said client change the admin password and then forget what the new password was...
Called the vendor who asked what date the DVR was showing and obtained a "daily" password that could be used to log into the DVRs console via a "hidden button" on the login prompt. This priv level could change the admin password and configure/control all "advanced" DVR functions.
Questions to said vendor about security practices, 3rd party code audits and software updates were laughable in the early 90s. Today they appear to be par for the course.
Anon, because RESEARCH ongoing . ;-)
Biting the hand that feeds IT
