-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Insecure permissions for configuration file holding hashed password & plaintext WiFi password #770
Comments
Thanks for the report, @ricardobranco777. I can confirm I see the same, and will address this in a patch later this week. |
Use this mechanism to replace an older scheme that fully read and then fully wrote the file. Resolves raspberrypi#770
Was under the impression that if we just re-used the passwords that were set in the imager that they would be correct - but they are not working for SSH. So if I re-use a password for another Pi it is wrong as it has been hashed. However the WiFi password remains correct??? |
@audas This sounds like a different problem, but also one that I would expect to be true, as I don't know if SSH uses the same hashing scheme as WPA-PSK. Please raise unique issues for unique problems. |
Describe the bug
The configuration file which holds the hashed & plaintext WiFi has insecure permissions by default.
To Reproduce
on Linux:
Expected behaviour
0600 permissions.
The text was updated successfully, but these errors were encountered: