Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17447
http://www.securityfocus.com/bid/11225
http://www.sarc.com/avcenter/security/Content/2004.09.29.html