Is there a reason for setting the root password to a default value? That seems like a major security problem to me. We don't want users to inadvertently leave a root-privileged backdoor into their networks if they forget to change it from the default value. Though OpenWRT's default behavior of turning on password-less telnet before the root password gets set is just as insecure, at least it presents a warning about needing to set the root password on every web interface page.
The setup wizard asks users to set the root password on first boot, so that seems sufficient to me.
Is there a reason for setting the root password to a default value? That seems like a major security problem to me. We don't want users to inadvertently leave a root-privileged backdoor into their networks if they forget to change it from the default value. Though OpenWRT's default behavior of turning on password-less telnet before the root password gets set is just as insecure, at least it presents a warning about needing to set the root password on every web interface page.
The setup wizard asks users to set the root password on first boot, so that seems sufficient to me.