Samsung DVRs store usernames and passwords in cookies, base64-encoded. They also fail to validate the cookies in many places, so any values work, allowing authentication bypass. A proof-of-concept exploit that lists all users and passwords is included.
6219a380366e2aecc4495c804c39b2f23b5f3ae1609e4c340f64ce8cc584d483
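
The two flaws described above, next to a server-validated session, as an added example that is not code from the advisory or from the device firmware. The cookie names, the sample account and the `SessionStore` class are hypothetical.

```python
import base64, hmac, secrets, time

# Constructed sample account; a real device would store a salted hash instead.
USERS = {"admin": "s3cret-pass"}

def weak_set_cookies(user, password):
    """Pattern from the advisory: credentials, base64-encoded, in cookies."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return {"uid": enc(user), "pwd": enc(password)}  # hypothetical cookie names

def weak_is_authorized(cookies):
    """Second flaw: checks that the cookies exist, never what they contain."""
    return "uid" in cookies and "pwd" in cookies

def recoverable_text(value):
    """Audit helper: return the plaintext if a cookie value is only base64 text."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64, bad padding and non-UTF-8 bytes
        return None
    return text if text and text.isprintable() else None

class SessionStore:
    """Hardened form: opaque random token, checked server-side on every request."""
    def __init__(self, ttl=900):
        self.ttl = ttl
        self._sessions = {}  # token -> (user, expiry time)

    def login(self, user, password):
        expected = USERS.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)  # carries no credential material
        self._sessions[token] = (user, time.time() + self.ttl)
        return {"session": token}

    def is_authorized(self, cookies):
        entry = self._sessions.get(cookies.get("session", ""))
        return entry is not None and entry[1] >= time.time()

if __name__ == "__main__":
    weak = weak_set_cookies("admin", "s3cret-pass")
    print("weak cookie reveals:", recoverable_text(weak["pwd"]))
    store = SessionStore()
    good = store.login("admin", "s3cret-pass")
    print("session cookie reveals:", recoverable_text(good["session"]))
    print("unknown token accepted:", store.is_authorized({"session": "anything"}))
```

Running `recoverable_text` over cookies captured from your own device during a login is a quick audit for the first flaw: any cookie for which it returns text is reversible encoding, not protection.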