Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mqtt_password exposed #49

Open
pyx1337 opened this issue Feb 26, 2020 · 1 comment
Open

mqtt_password exposed #49

pyx1337 opened this issue Feb 26, 2020 · 1 comment

Comments

@pyx1337
Copy link

pyx1337 commented Feb 26, 2020

After saving the configuration on the esp you can see the mqtt password in cleartext via the webinterface, so everyone in the wifi could see it.
@softypit
Copy link
Owner

softypit commented Mar 2, 2020

Normally we would expect the devices to exist within a 'friendly' network or a private subnet so display of the mqtt password should not be an issue.
However there is no benefit to the display of mqtt user/pass on the status page so I have removed them and added system uptime in the latest beta (1.55).
Please note that any network user with access to the web interface can easily find the mqtt password from the configuration page using 'show source' in the browser or network snooping with wireshark.

Paul.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@softypit @pyx1337