hassio-addons / addon-nut

Network UPS Tools - Home Assistant Community Add-ons
https://addons.community
MIT License

Have I Been Pwned aborts the addon #61

Closed sourdough0 closed 3 years ago

sourdough0 commented 3 years ago

Problem/Motivation

Addon aborted due to password in the Pwned list.

Expected behavior

Could you make the Have I Been Pwned check an option that can be manually turned off if I don't need it?

Actual behavior

I am trying to set up the NUT server on my HASSIO to support my Synology NAS on the LAN, but the username & password are in the Have I Been Pwned list (well, it is a simple word, so I am not surprised they are in the list), and the whole add-on is aborted once the compromised password is detected.

Steps to reproduce

The problem is that the Synology NAS uses a fixed username & password that cannot be edited. They do this because their embedded UPS server is designed to link to their own NAS units, which all have the same username & password, so Synology NAS users do not need to set anything up. With the NUT setup, however, we need to key in the same username & password to log in, and that is stopped by the Have I Been Pwned check.

Synology Setting
UPS device name : ups
slave user name : monuser
slave password : secret

Input those in NUT Addon you can replicate the error.


[18:33:39] INFO: Setting mode to netserver...
[18:33:40] INFO: Generating /etc/nut/upsd.users...
[18:33:40] INFO: Configuring user: monuser
[18:33:40] WARNING: Password is in the Have I Been Pwned database!
[18:33:40] WARNING: Password appeared 243782 times!
[18:33:40] FATAL:
[18:33:40] FATAL: We are trying to help you to protect your system the
[18:33:40] FATAL: best we can. Therefore, this add-on checks your
[18:33:40] FATAL: configured password again the HaveIBeenPwned database.
[18:33:40] FATAL:
[18:33:40] FATAL: Unfortunately, your configured password is considered
[18:33:40] FATAL: unsafe. We highly recommend you to pick a different one.
[18:33:40] FATAL:
[18:33:40] FATAL: Please change the password in the 'users[0].password' option.
[18:33:40] FATAL:
[18:33:40] FATAL: Check the add-on manual for more information.
[18:33:40] FATAL:
[cont-init.d] nut.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] 99-message.sh: executing...

Proposed changes

Could you make Have I Been Pwned an option that allows the user to turn it off?

Thank you.

frenck commented 3 years ago

https://github.com/hassio-addons/addon-nut/blob/main/nut/DOCS.md#option-i_like_to_be_pwned

tjorim commented 3 years ago

Please check the add-on documentation, there already is an option for that: i_like_to_be_pwned.

frenck commented 3 years ago

No problem! Enjoy the pwning!
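
For readers wondering what a check like the one in the log involves: the public Pwned Passwords range API is queried with only the first 5 characters of the password's SHA-1, and the match is done locally. The sketch below is an added example, not part of the thread and not the add-on's own code; the function names, the range response and the override semantics are constructed assumptions, and it runs offline.

```shell
#!/bin/sh
# Added example (not the add-on's code): offline Pwned Passwords range lookup.

# Uppercase hex SHA-1 of a password.
sha1_upper() {
  printf '%s' "$1" | sha1sum | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

# Only these 5 characters would be sent: GET https://api.pwnedpasswords.com/range/<prefix>
range_prefix() { sha1_upper "$1" | cut -c1-5; }

# Constructed range response ("SUFFIX:COUNT", CRLF line endings) containing the
# suffix of password $1 with the count from the log above; other rows are filler.
sample_range() {
  sr_suffix=$(sha1_upper "$1" | cut -c6-)
  printf '%s:3\r\n%s:243782\r\n%s:12\r\n' \
    "0000000000000000000000000000000000A" "$sr_suffix" \
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
}

# Print how often password $1 occurs in range body $2 (0 if its suffix is absent).
pwned_count() {
  pc_suffix=$(sha1_upper "$1" | cut -c6-)
  printf '%s\n' "$2" | tr -d '\r' | awk -F: -v s="$pc_suffix" '
    toupper($1) == s { print $2 + 0; found = 1; exit }
    END { if (!found) print 0 }'
}

# Hypothetical gate: return 0 to continue start-up, 1 to abort.
# $3 = "true" models an override such as i_like_to_be_pwned (assumed semantics).
check_password() {
  cp_count=$(pwned_count "$1" "$2")
  if [ "$cp_count" -eq 0 ]; then return 0; fi
  echo "WARNING: password appeared $cp_count times" >&2
  if [ "$3" = "true" ]; then return 0; fi
  return 1
}

# Demo on the constructed response.
body=$(sample_range secret)
echo "prefix sent: $(range_prefix secret)"
if check_password secret "$body" false; then echo "start"; else echo "abort"; fi
if check_password secret "$body" true; then echo "start (override)"; fi
```

The override only silences the gate; the credential is still one that appears in breach corpora, so limiting which hosts can reach the NUT port matters more once it is enabled.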