Closed gut5 closed 4 years ago
gut5
commented
4 years ago It's a viable replacement to how the config file currently is which is basically wide open, this would at least push the user to set a password. But yeah I agree there needs to be something better, possibly a libnx limitation preventing this right now..
cathery
commented
4 years ago I'm going to close this pull request, as it does not provide any more security than the current situation, since the repository is public and any attacker could look up what the default password is. However i'm going to continue the discussion of the problem in #12.
Please force user to set secure defaults in the config, attackers are now starting to gain access through a combination of this sysmodule and ldn-mitm (lan-play) and do bad things. (and if you're wondering, yes this has happened to me)