It's possible to obtain web administration acces without administrative password.
vulners.com/securityvulns/securityvulns:doc:2926