Do Axis Cameras Default To No Password Required?

It's well known that Axis cameras have no default password; you are prompted, from the web client, to create a administrator password when first used or after a reset.

But, what may not be as well known is that no password is required to access the camera thru VAPIX, as long as it's done before a root password is first set, e.g. by the web-client.

This is not a bug either:

However, if the device is first accessed using the VAPIX API (i.e. not the GUI) there is no hard requirement from the device to enter users with proper credentials. Instead, as this is the normal way a camera is plugged into a VMS, the client application is trusted to add proper users to the device to control the access as described above. VAPIX Authentication Guide

VMSes typically use VAPIX to connect. So the question is, if never accessed from the web client, do VMSes force you to set a password?

And if not, would that mean that those cameras are accessible without a password, even after being added to working system?

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

**** ***** **** *** ***** *** ** **** ****. * will **** **** ** ****.

******** * **** **** **** **** ********** **** **** ******* using * ******** **** ***** ******. *** ******* **** ***-**-***-*** new, *** *** ****** *** ******** ***** **** "****" **** calling ** **** ***** **** *** ****** (****** *** ************* was ****). ** *** ** * ********** *** ****** **** both **** *** ***** (**** ****** ** *****, ***, ***) and ****/*** ** ******* *****.

* *****. * **** **** *** **** ******** **** ******* after *******.

So *** ** **** *** * *** ****??

**** **** * *** ** ***** *** ******* *** ** choose * **** ******** **** *** *** ******, *** ** you *** **** ****** **** ** ******* **** ** ** the *** *****, *** ** ** ****** **** *** *** that *** *** ********* ***?

***** ******** * **** ** **************** *********....

* ****** ****** **** **** *****, *** ****** **** ******* of *** ************** ***** *** **********. ******* ******* ** **** you ***** ***** **** **** *** ****** (***) ** ******* toadd ****** ***********, not that it is trusted to access the camera. This means that if you do not configure the camera manually, the burden of security lies with the VMS.

***** **** ** ****:

* *** * ***** ** **** ****** ***** *** ***** this *** ***** ******** *** ****** *** *********. ** ***** to *** ***** (*** ****) ** ******* * ***** ****** via ****, ******** "****" **** ******** "****" **** ** *****. But ***** ******* ** *** ***** *** ** ****** *** default ******** **** ********* *** ****** *** **** ****.

**** ** *********** ** ******, *** * *** *****. ***** is ** *** **** * *** "*** **** ****** *** password *****". *** *** ** **** ** * *****, *** it ** ******** *** **** **** *** *** ******** ********* (RTSP, *****, *****) **** ** *** ** ******** ****.

****, **** ***** **** ***** ** **** ***** ** ** their ***, *** **** ***** ******** ***** * *** ** VMS ******** (****-*********, ********* *******, ***) ****** *************, *** ***** require *** ************* ** ****** ***** ****** ********** ********** **** for **** *******.

**** *** **** * **** ****** ** *** ***** ** change *** ******* ******** ** ********* ** **** ********* *** camera. ** ***** ** **** ** *** ************* ******** *** same ******** *** ******** ** ****** ** ****** ******* ****** credentials.

******* ******* ** **** *** ***** ***** **** **** *** client (***) ** ******* ** *** ****** ***********, *** **** it ** ******* ** ****** *** ******.

*'* *** ******** **** **** **** ******* ** ****. ** the *** ** ******* ** *** ** ***** ******* **** whatever ******** ** *****, *** **** ***** ******* *** **** rights ** *** ******, ** *** ****** *** ******, **?

******* ** *** ************ ******* *** ***** ******* ** "*******" and *** ****-*** ****-**-***?

******* ** "******* ** ****** *** ******" * ***** * could **** **** **** ** ** *** *** **** **** the ****** ****** *** **********, *** ** *********.

** ************* ** **** *** **** ********* ***** **** ******* being ******** (*** ********* ******* ** ****** ****) ******* *** to ***** ****** **** **** ***** ** ******** ******* * password. **** ** *** ******** *** **** **** **** * have **********.

***** *** ********* **** ** ***** *** ***. ** * broad *** ** **********, *** ******** ** * **** ******* area *** ** ***** ** ******* **** ***** **** ********* and "**** ***" **** ********* ********.