@scottwilson @WPalant Certainly, it violates ETSI 303 645. That has not yet any force of law in the EU, but the UK has a law on the books that makes default passwords illegal.