Right - what I'm saying is the fact that there are default passwords at all is horribly insecure, and that the vendor in question should be prodded to change this dangerous practice.
I don't see how there's a security problem with equipment coming from the factory with factory default passwords. In my opinion, a breach caused by a reset of equipment to default configuration/passwords would suggest far more basic security issues, which are not at all mitigated by eliminating the existence of default passwords. I generally try to mitigate the issues further down the stack. I doubt factory default passwords are going anywhere, but even if they did go away, I would still strictly control access to my management interfaces, as well as the reset holes on my equipment, and so I would argue that I would be no more or less secure than I am now. But maybe I'm missing something? Best Regards, Nathan Eisenberg