According to the documentation there is a password of zoomus123 as the default password, but in production the default setting is applying a blank password “as the global setting”
Regardless of the insecurities surrounding a documented password or blank, I feel its best to have a password set globally as zoomus123.
Or if you want added security, you give each integrator utilizing and building applications on the SSH client a unique backdoor password to ask the SSH client to fetch a uniquely generated SSH password that each account gets. The end users will see in plain text when logged in what their global zoom room password is. An integrator gets a backdoor to see this password by passing their unique password to you to get this password.
This way bad actors cant just type blank or zoomus123 by default to control camera equipment by calling themselves and accepting the calls on both ends. It secures things up dramatically by adopting this approach of giving a small backdoor password to the good actors (the integrators). If the integrators dont choose to use this backdoor to get the account ssh password, then they merely instruct their customers to get their “global password” and configure it for their connection tools.