Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.