[SECURITY] Avoid hard-coded default password #16822

@acassis

Description / Steps to reproduce the issue

A default password is a vulnerability very often explored on Linux systems, and the new security recommendation is to never release products with a default password.
Unfortunately, NuttX uses a default admin password at /etc/password as well. You can see where it is used by running:

$ git grep "8Tv+Hbmr3pLVb5HHZgd26D"

I suggest we change it by requesting the user to create a password during the build phase. The best option is for the end user to set up the password the first time they power up the device, but at least by doing it in the build process we avoid the same default password being used for all NuttX embedded systems.

BTW, I decided to release it here as [SECURITY] because it is not a security fault in the NuttX source code, but just in the way we do things.

On which OS does this issue occur?

[OS: Linux]

What is the version of your OS?

Ubuntu

NuttX Version

all

Issue Architecture

[Arch: all]

Issue Area

[Area: Other]

Host information

No response

Verification

  • I have verified before submitting the report.
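
A build-time gate for the suggestion above, as an added example that is not part of the original issue or the NuttX code base: it fails the build when a password file still carries the default hash quoted in the issue, has an empty password field, or reuses one hash for several users. The colon-separated `user:hash:...` record layout, the function name `audit_passwd` and the sample lines are assumptions constructed for illustration.

```python
import sys

# Hash string quoted in the issue; any image still carrying it ships the
# shared default credential.
KNOWN_DEFAULT_HASHES = {"8Tv+Hbmr3pLVb5HHZgd26D"}


def audit_passwd(text, known_defaults=KNOWN_DEFAULT_HASHES):
    """Return (line_no, user, reason) findings for a passwd-style file.

    Assumed layout (not taken from the issue): one `user:hash:...` record
    per line, with `#` comments and blank lines ignored.
    """
    findings = []
    seen = {}  # hash -> first user that used it
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((line_no, line, "malformed record"))
            continue
        user, pw_hash = fields[0], fields[1]
        if not pw_hash:
            findings.append((line_no, user, "empty password field"))
        elif pw_hash in known_defaults:
            findings.append((line_no, user, "published default hash"))
        elif pw_hash in seen:
            findings.append((line_no, user, f"hash shared with {seen[pw_hash]}"))
        else:
            seen[pw_hash] = user
    return findings


# Constructed sample input: only the first hash comes from the issue.
SAMPLE = """\
# constructed example
admin:8Tv+Hbmr3pLVb5HHZgd26D:0:0:/
guest::1:1:/
ops:CONSTRUCTED-HASH-AAAA:2:2:/
"""

if __name__ == "__main__":
    path_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = audit_passwd(path_text)
    for line_no, user, reason in results:
        print(f"line {line_no}: {user}: {reason}")
    sys.exit(1 if results else 0)
```

Run as a pre-image build step with the generated password file as the argument; a non-zero exit status stops the build before the shared credential reaches a device.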

Labels: Arch: all (Issues that apply to all architectures); OS: Linux (Issues related to Linux (building system, etc)); Type: Bug (Something isn't working)