Posted this in r/legal and did not get an answer. Hoping to get one here. I’ve run into this issue a few times. There is a medical website app with an effectively HARDCODED password. Unless you know what you are doing it’s impossible to change ie you have to edit the db directly. I am not an active ethical hacker so am not familiar with the laws. I have tried googling this without success. If you have a manual I will rtfm. Just provide a link.