An unauthenticated remote attacker could reset the administrator's password with information from the default, self-signed certificate.