[Commotion-admin] [commotion-router] X86 (#181)
Dan Staples
notifications at github.com
Mon Dec 28 13:54:58 EST 2015
Is there a reason for setting the root password to a default value? That seems like a major security problem to me. We don't want users to inadvertently leave a root-privileged backdoor into their networks if they forget to change it from the default value. Though OpenWRT's default behavior of turning on password-less telnet before the root password gets set is just as insecure, at least it presents a warning about needing to set the root password on every web interface page.
The setup wizard asks users to set the root password on first boot, so that seems sufficient to me.
---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/commotion-router/pull/181#issuecomment-167628470
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-admin/attachments/20151228/3e739a55/attachment.html>
More information about the Commotion-admin
mailing list