bfabiszewski / ulogger-server

μlogger • web viewer for tracks uploaded with μlogger mobile client
GNU General Public License v3.0

update default password #122

Closed maverickvn360 closed 4 years ago

maverickvn360 commented 4 years ago

Please note: I found this leak via a web scanner. Is there an automated way to update the default password for admin? Or force update? As the credentials present in the sqlite file are leaked. There's a recommended way to set it up via env.

Thanks a lot for your time :)

bfabiszewski commented 4 years ago

Thanks for the report!

Could you explain a bit more? What leak do you mean? There is no default admin password. When you install the application with the setup script you choose your admin username and password.

maverickvn360 commented 4 years ago

Leak in the sense: default creds are stored in scripts/ulogger.sqlite file. That's why I just wanted to confirm if there's an automated mechanism to change password upon installation.

bfabiszewski commented 4 years ago

If you mean this line it is commented out. So it will never be executed in this script.

maverickvn360 commented 4 years ago

Apologies for taking your time. Thanks, I just blindly reported it out.

bfabiszewski commented 4 years ago

Not a problem. Thanks anyway for reporting!
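
A triage check for the kind of scanner finding discussed in this thread, as an added example that is not part of the issue or of ulogger-server's code: it reports whether each `INSERT` into a user table in an SQL script is live or commented out. The `users` table name, the function names and the sample script are assumptions constructed for illustration.

```python
import re

def classify_chars(sql):
    """Mark every character of an SQL script as 'code', 'comment' or 'string'."""
    kinds, state, i = [], "code", 0
    while i < len(sql):
        two, step, kind = sql[i:i + 2], 1, state
        if state == "code":
            if two == "--":
                state = kind = "line"
            elif two == "/*":
                state, kind, step = "block", "block", 2
            elif sql[i] == "'":
                state = kind = "string"
        elif state == "line" and sql[i] == "\n":
            state = kind = "code"
        elif state == "block" and two == "*/":
            state, step = "code", 2
        elif state == "string" and sql[i] == "'":
            if two == "''":
                step = 2            # doubled quote is an escaped quote
            else:
                state = "code"      # closing quote still counts as string
        kinds += ["comment" if kind in ("line", "block") else kind] * step
        i += step
    return kinds

def find_user_inserts(sql, table="users"):
    """Return (line, status) for each INSERT INTO <table>, skipping string literals."""
    kinds = classify_chars(sql)
    pattern = re.compile(r'INSERT\s+INTO\s+[`"\[]?' + re.escape(table) + r"\b", re.I)
    findings = []
    for m in pattern.finditer(sql):
        kind = kinds[m.start()]
        if kind == "string":
            continue
        line = sql.count("\n", 0, m.start()) + 1
        findings.append((line, "active" if kind == "code" else "commented-out"))
    return findings

# Constructed sample script; the table, logins and hashes are placeholders.
SAMPLE = """\
CREATE TABLE users (login TEXT, password TEXT DEFAULT '');
-- INSERT INTO users (login, password) VALUES ('admin', 'placeholder-hash');
/* INSERT INTO users (login, password)
   VALUES ('demo', 'placeholder-hash'); */
INSERT INTO users (login, password) VALUES ('seed', 'placeholder-hash');
"""
```

Only findings marked `active` would create an account when the script is run; the commented-out ones are never executed.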