"show password" security hole?
Closed this issue · 2 comments
Is it a security hole to have the mirobot network (open) have the config for my private network with "show password?"
That's a good point, the "show password" feature (which came directly from the stock admin web pages - needs re-working) does probably needlessly show it. I imagine this is also a pain if you've set it up for students to use and they all start using your WiFi network because they find your password.
I'll make it so it doesn't send your password back out and doesn't send the POST variable if you haven't changed it I think.
There's not a lot we can do about the initial point of configuring the network over an unencrypted connection and I don't really want to make the WiFI network closed by default (though this could be an option for the future, then you could close it and configure it)
I've just pushed an update which should allow you to join your network more securely. You can now enable encryption on the built-in access point so when you configure it to join your network it will no longer be on an unencrypted connection.
I've also removed the "show password" feature, though still need to make it not send the password out and then only send it if it has changed.