CB1s, similar to other 3D printing devices, make use of a static default password. Users should be forced into changing this password during the initial setup process to ensure these devices can't be easily compromised. While changing default account passwords is common best practice in tech, most users do not know how, or don't even think about it as a risk.
To help illustrate the point, here is a pic of a simple model stealer I threw together.
[This can easily be swapped out for malware]
One possible way to streamline the change into the setup process would be to wrap Klipper in a password validation check. If the Biqu account hash is still the default, Klipper doesn't start.
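#!/bin/bash
# Hash of the default password as shipped in the image. Single quotes keep the
# shell from expanding the "$6", "$c1yGPv" and "$ZZ" parts of the hash.
DEFAULT_HASH='$6$c1yGPv.3$ZZ...'
# Reading the shadow database requires root.
CURRENT_HASH=$(getent shadow biqu | awk -F: '{print $2}')
# Refuse to start while the 'biqu' account still has the default password.
if [[ "$CURRENT_HASH" == "$DEFAULT_HASH" ]]; then
    echo "Klipper cannot start. Please change the default password for user 'biqu'." >&2
    exit 1
fi
exit 0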
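A fail-closed variant of the check above, as an added example that is not part of the original post: it also refuses to start when the shadow entry cannot be read and still flags a locked account whose stored hash is the default. The names `check_default_hash` and `write_sample_shadow`, the `--gate` argument and the placeholder hashes are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): fail-closed default-password gate.
# Return codes: 0 = password changed, 1 = still the default, 2 = cannot verify.

check_default_hash() {
    local shadow_file="$1" user="$2" default_hash="$3" current
    # Without read access (for example, not running as root) nothing can be verified.
    [ -r "$shadow_file" ] || return 2
    # Field 2 of the user's shadow entry holds the password hash.
    current=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$shadow_file")
    # Unknown user or empty password field: refuse instead of assuming "changed".
    [ -n "$current" ] || return 2
    # Locking an account only prefixes the hash with "!"; strip the prefix so an
    # account that returns to the default password on unlock is still flagged.
    while :; do case "$current" in '!'*) current="${current#?}" ;; *) break ;; esac; done
    [ "$current" = "$default_hash" ] && return 1
    return 0
}

# Constructed sample data: the hash below is a placeholder, not a real hash.
SAMPLE_DEFAULT='$6$EXAMPLESALT$EXAMPLEDEFAULTHASH'
write_sample_shadow() {
    # $1 = output file, $2 = hash field to store for user biqu
    printf '%s\n' 'root:*:19000:0:99999:7:::' "biqu:$2:19000:0:99999:7:::" > "$1"
}

# Gate mode (assumed usage), run before Klipper starts:
#   gate.sh --gate '<hash shipped in the image>'
if [ "${1:-}" = "--gate" ]; then
    rc=0
    check_default_hash /etc/shadow biqu "$2" || rc=$?
    case "$rc" in
        0) exit 0 ;;
        1) echo "Klipper cannot start. Please change the default password for user 'biqu'." >&2 ;;
        *) echo "Klipper cannot start. Unable to verify the password for user 'biqu'." >&2 ;;
    esac
    exit 1
fi
```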