I've got a Cisco router here in front of me. The router is "reconditioned", but was received with a console password on it. Now, this is interesting for two reasons. As it's reconditioned (apparently), it shouldn't have a config on it anyway, and even so, whoever had it beforehand should really have cleared the config off.

More interestingly, the router is identifying itself with the name of a medical company. Interesting. So, rommon the box, get into it and do a sh start and see what we've got.

Username and password for the VPN service that said company uses, further identifying information for the company, firewall rules, SNMP server information, and, of course, the console password (in type 7, so easily breakable) for the router. What says that the same password is used on a number of bits of their kit?

It's not difficult - really. This is basic network security stuff. Just clear any configs off before the router gets taken away.
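
A pre-disposal check along these lines, as an added example that is not part of the original post: it scans saved startup-config text for the kinds of leftovers listed above and reports line numbers and categories only, so the report does not copy the secrets themselves. The sample config, rule names and function names are constructed for illustration.

```python
import re

# Constructed sample of saved startup-config output (not from the original post).
SAMPLE_CONFIG = """\
hostname EXAMPLE-CLINIC-RTR
enable secret 5 $1$CONSTRUCTED$NOTAREALHASH
username vpnuser password 7 00112233445566
snmp-server community examplecomm RO
crypto isakmp key ExamplePSK address 198.51.100.1
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
line con 0
 password 7 00112233445566
"""

# Hypothetical rule set covering the leftovers the post lists.
RULES = [
    # "Router" is the IOS default hostname; anything else identifies an owner.
    ("identifying hostname", re.compile(r"^hostname\s+(?!Router$)\S+")),
    ("type 7 password (reversible)",
     re.compile(r"\b(?:password|key)\s+7\s+[0-9A-Fa-f]+")),
    ("hashed secret", re.compile(r"\bsecret\s+[589]\s+\S+")),
    ("local username", re.compile(r"^username\s+\S+")),
    ("SNMP community or host",
     re.compile(r"^snmp-server\s+(?:community|host)\s+\S+")),
    ("VPN pre-shared key", re.compile(r"^crypto isakmp key\s+\S+")),
    ("firewall rule", re.compile(r"^(?:access-list\s+\d+|ip access-list\s)")),
]

def audit_config(text):
    """Return (line_number, category) for every leftover sensitive line."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blanks and IOS comment separators
        for category, pattern in RULES:
            if pattern.search(line):
                findings.append((number, category))
    return findings

def safe_to_release(text):
    """True only when the config carries none of the flagged leftovers."""
    return not audit_config(text)

if __name__ == "__main__":
    for number, category in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {category}")
    print("safe to release:", safe_to_release(SAMPLE_CONFIG))
```
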

shadyron | General, Work, Geekery | 18 April, 11:05am
