WEMS BEMS 21.3.1 Undocumented Backdoor Account
Posted on 30 December 2019
WEMS BEMS version 21.3.1 has an undocumented backdoor account that is Base64 encoded. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the controller thru the RMI.