User Password Accounts
The user names and passwords for the web based interface are stored in an encrypted file. These accounts can be created, modified, and removed by clicking "User Accounts" on the UI menu. However, there is an additional ability for the site developer to hard code a back door password into the user interface directly. This password does not show up in the normal list of users and can not be edited, modified, or deleted without editing the code inside or Visual Studio and republishing to IIS.
By default, there are two hard coded passwords:
User Name: admin
Access Level: 101
User Name: guest
Access Level: 0
These passwords are defined on line 25 of the Global.asax file and should be modified or removed before installing in a production environment.