Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wi-Fi password is stored in plain text. #68

Closed
ray77 opened this issue Dec 17, 2023 · 6 comments
Closed

Wi-Fi password is stored in plain text. #68

ray77 opened this issue Dec 17, 2023 · 6 comments

Comments

@ray77
Copy link

ray77 commented Dec 17, 2023

Available for everyone here:
http://ip/api/system/info
@skot
Copy link
Owner

skot commented Dec 17, 2023

@benjamin-wilson can we omit the WiFi passwd from the API?

@benjamin-wilson
Copy link
Collaborator

Yes

@johnny9 johnny9 assigned johnny9 and unassigned johnny9 Dec 18, 2023
benjamin-wilson added a commit that referenced this issue Jan 7, 2024
@benjamin-wilson
remove password from GET
84c0611 
#68
@benjamin-wilson
Copy link
Collaborator

Fixed 84c0611

@johnny9
Copy link
Collaborator

johnny9 commented Jan 7, 2024

Does the web ui handle the missing value?

@benjamin-wilson
Copy link
Collaborator

It does but I should probably put in a fake placeholder

@ray77
Copy link
Author

ray77 commented Jan 8, 2024
edited

It does but I should probably put in a fake placeholder

or any hash, generated from a unique esp device id, wifi-password and mac address.
This would still be a real, fairly secure password that can be used by the ESP to log in.
just an idea.

On the other hand, once the intruder is in the network (port forwarding from outside), he can at least grill the miner - the Wifi password is then pretty much irrelevant.

aaron3481 pushed a commit to aaron3481/ESP-Miner that referenced this issue Jun 11, 2024
@benjamin-wilson
remove password from GET
d3c052e 
skot#68
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@skot @johnny9 @benjamin-wilson @ray77