In builds for virtual environments and clouds, we do not have the vyos user by default, and in case if for some reason metadata with proper credentials is not available during the first system's boot, there will be no users with configured authentication at all. This leads to potential situations when a newly created system becomes completely unmanaged.
To avoid such a problem, we may add the fallback action - creating the default vyos/vyos user if all attempts to get credentials was failed. This allows reaching the system even in case of problems with metadata availability.
Potentially, this may cause a security issue with a weak password. But:
- the default user vyos/vyos may be created only on fresh installations, so there will be no access to other data on a router;
- this should never happen if everything works well in an environment. And, most likely, will be used only for testing deployments without complete metadata or in case of known troubles.
Thus, this should not decrease production deployments security level.