A flaw in a remote management login path shows how one broken identity check can turn a support console into an attacker’s foothold.