If they are undocumented accounts (backdoors in the devious sense) then yes, we cannot do anything about it, just try to pentest the shit out of the equip, fuzz it, and pray to our god(s) of choice and pray we get lucky in these futile experiments.
If these are documented (e.g. IBM has these notorious RedBooks of 500-700-1000 pages) then one should spend the time to study before implementing, securing, auditing, and-other-verbs.
Again, the only 'excuse' I can accept (not really) is that "management" knows that the staff is not enough and they cut corners.. in which case you crucify the COO in your report, not the poor admin(s).
If these are documented (e.g. IBM has these notorious RedBooks of 500-700-1000 pages) then one should spend the time to study before implementing, securing, auditing, and-other-verbs.
Again, the only 'excuse' I can accept (not really) is that "management" knows that the staff is not enough and they cut corners.. in which case you crucify the COO in your report, not the poor admin(s).