
The rpi password for user pi is still set to the default

Discussion in 'Software' started by jscottb, Sep 15, 2017.

  1. jscottb

    jscottb Member

    Joined:
    Sep 10, 2017
    Messages:
    45
    Likes Received:
    26
    I would look to changing this to something else. I would hope it's not used anywhere in the Robo3d addons or mods for Octoprint.

    Just an FYI...
     
  2. WheresWaldo

    WheresWaldo Volunteer ( ͠° ͟ʖ ͡°)
    Staff Member

    Joined:
    Feb 18, 2015
    Messages:
    5,905
    Likes Received:
    3,593
    Change it to your heart's content, no other part of the OS is using it.
     
    mark tomlinson likes this.
  3. jscottb

    jscottb Member

    Joined:
    Sep 10, 2017
    Messages:
    45
    Likes Received:
    26
    Yeah, I had changed mine to see and it seemed fine after a test reboot.
     
  4. mark tomlinson

    mark tomlinson ༼ つ ◕_ ◕ ༽つ
    Staff Member

    Joined:
    Feb 21, 2013
    Messages:
    23,912
    Likes Received:
    7,338
    Unless they customized everyone's Pi ... I get why they did that :)
    Good thing to change though.
     
  5. OutsourcedGuru

    OutsourcedGuru Active Member

    Joined:
    Jun 3, 2017
    Messages:
    752
    Likes Received:
    141
    And then again, there's broadpwn to worry about. (In theory, doesn't require your credentials and kicks your butt via a wi-fi attack vector.)
     
  6. jscottb

    jscottb Member

    Joined:
    Sep 10, 2017
    Messages:
    45
    Likes Received:
    26
    Yes, my main point (that I so poorly conveyed) is that this should be changed on all RPis or any other SBC you have. Many may not know that there are baddies wanting to use your Pi for evil. Old decrepit Unix programmers like me forget how to talk to the general masses ;)
     
  7. OutsourcedGuru

    OutsourcedGuru Active Member

    Joined:
    Jun 3, 2017
    Messages:
    752
    Likes Received:
    141
    Naw... you did a great job of conveying the threat. I have many Raspis and I categorize them in two camps: those that are on a lot and those that aren't. The printer might run all night so that means that it could use some hardening up. I do bring my Raspis for show-and-tell at the monthly San Diego dot JS gigs and still I leave the credentials default in many cases. Worst case scenario, I re-image the microSD in that unlikely hacking event.

    Where is it (behind a firewall, in a school or work setting or in a coffee shop)? I run lots of computers/devices/phones in my apartment on my wi-fi and I don't spend lots of worry over them. A lot of Android phones have administrative backdoors installed by the vendor for support purposes.

    Broadpwn is a decidedly different problem. The last time we saw an Internet worm was many moons ago. This has the ugly specter of leaping from one device to the next on wi-fi and right past your firewall, regardless of your password length. The Broadcom chipset is presumably so cheap that a fair number of manufacturers are using it.
     
