Closed
Description
SSH is enabled by default, the default login details are widely published. People are exposing their RasPlex installs to the web.
Even if they aren't putting them in a DMZ, or otherwise exposing them to the web, it's still horribly insecure by default.
Bizarrely, you're prevented from changing the default password because passwd is missing.
Possible solutions:
a) Make SSH off by default, force a password to be set the first time SSH is enabled
b) Generate a random password and show it in settings.
Metadata
Assignees
Labels
No labels