Open MartyMacGyver opened 7 years ago
there is a bigger security problem :-). http://#ip address#/config.json
For whoever triages this, the results of http://192.168.xx.yy/config.json
are {"ssid":"your_ssid_name","password":"your_formerly_secret_password"}
(with the actual data).
That's pretty bad.
The WiFi setup for the ESP8266 should either be over a secure connection (HTTPS or WPA2) or configurable via serial (for example, via a sketch - a common method for this device).
Currently, private credentials are transmitted completely in the clear over the insecure AP network WiFiLink uses for setup, rendering them vulnerable to interception.