Comment 0 for bug 1508698

Paul Collins (pjdc) wrote :

Up until version 3.3.0, rabbitmq by default creates an account named "guest" with the password "guest". This account is usable over the network, and it also has administrative privileges. The version in trusty is 3.2.4.

https://www.rabbitmq.com/access-control.html

https://www.rabbitmq.com/blog/2014/04/02/breaking-things-with-rabbitmq-3-3/

This appears to be common knowledge (so my filing this as a private security bug may be overzealous) and indeed is relied upon in many places. I discovered it while working on an internal monitoring script, and here's another example: https://bugs.launchpad.net/openstack-manuals/+bug/1390419

Since it would not affect existing installations, it may be reasonable to alter this behaviour, even in a stable release.
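An audit check for the condition reported above, as an added example that is not part of the original comment or of RabbitMQ itself: it parses `rabbitmqctl list_users` output and flags a `guest` account, its administrator tag, and a broker version below 3.3.0. The function names and the sample output are constructed for illustration, and the check looks at account presence only, not at whether the password is still the default.

```python
import re

# Constructed sample of `rabbitmqctl list_users` output (3.2.x style).
SAMPLE_LIST_USERS = (
    "Listing users ...\n"
    "guest\t[administrator]\n"
    "monitoring\t[monitoring]\n"
    "nova\t[]\n"
    "...done.\n"
)


def parse_list_users(text):
    """Return {username: set_of_tags} from `rabbitmqctl list_users` output."""
    users = {}
    for line in text.splitlines():
        # User rows look like "name<TAB>[tag1, tag2]"; banner lines do not match.
        m = re.match(r"^(\S+)\s+\[(.*)\]\s*$", line)
        if m:
            users[m.group(1)] = {t.strip() for t in m.group(2).split(",") if t.strip()}
    return users


def version_tuple(version):
    """Turn '3.2.4' or '3.2.4-1ubuntu1' into (3, 2, 4); pad short versions with zeros."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple((parts + [0, 0, 0])[:3])


def audit_guest(version, list_users_output):
    """Return a list of findings about the default 'guest' account."""
    users = parse_list_users(list_users_output)
    if "guest" not in users:
        return []
    findings = ["default 'guest' account is present"]
    if "administrator" in users["guest"]:
        findings.append("'guest' carries the administrator tag")
    if version_tuple(version) < (3, 3, 0):
        findings.append("broker predates 3.3.0: 'guest' is usable over the network")
    return findings


if __name__ == "__main__":
    for finding in audit_guest("3.2.4", SAMPLE_LIST_USERS):
        print("FINDING:", finding)
```

Any finding is cleared by removing the account with `rabbitmqctl delete_user guest` or giving it a new secret with `rabbitmqctl change_password`.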