hagaygo / OpenWrtManager

Mobile app for interacting with your OpenWrt device.
GNU General Public License v3.0
195 stars 16 forks source link

Allow certificate pinning #65

Open hrdl-github opened 1 month ago

hrdl-github commented 1 month ago

At the moment OpenWrt's self-signed certificates are handled by ignoring all certificate check results upon request, leaving the client vulnerable to MITM attacks. Offering certificate pinning, possibly displaying the certificate's fingerprint so it can be verified manually would mitigate this.

hagaygo commented 1 month ago

Hi

I guess you mean when accessing your devices via the app.

I personally use only IP addresses when accessing my devices so never thought of this.

I guess i would check it out sometime in the future , Regarding storing certificate fingerprint (like first SSH connect is offering) for specific device.

Thanks for the idea.

hrdl-github commented 1 month ago

Just to be clear, this is also relevant when using https and an IP address to identify the host as soon as the device's certificate wasn't signed by an installed CA, which requires the Ignore certificate errors checkbox to be marked. This means that every connection can be tampered with without OpenWrtManager informing the user. With certificate pinning this could be prevented, as trust establishment is moved to the first connection.

hagaygo commented 1 month ago

Of course, just with ip you need to get a hold the ip address and not just the domain and redirect it to different ip, much harder especially when the ip is not public one.

A scneario that might happen is that you connect to a public wifi with a device with https on a same ip of your openwrt device, you launch the app and it tries to authenticate againt wrong device, if the url is valid it gets a hold of your credintials...