A backdoor in a mainstream security product could certainly be considered a bug. The product is Cisco Security Monitoring, Analysis and Response System (CS-MARS) (CS-MARS) up to version 4.1.2 and the backdoor is an undocumented user ID with a default password giving access to the root fully-privileged administrator ID. Doh! The access was deliberately inserted allegedly for “advanced debugging purposes” - fair enough maybe but why on Earth did it end up in shipped code, and in a security product at that?!
More links on Bugs!