OpenMQTTGateway icon indicating copy to clipboard operation
OpenMQTTGateway copied to clipboard

Published 20 hours ago verified publisher icon 1technophile

When changing WiFi password, the password appears in plaintext in the browser address bar

Open puterboy opened this issue 1 year ago • 3 comments

I just noticed that after pressing save when changing the WiFi password, the SSID and password appear in plaintext in the browser address bar (and presumably go into your browser history too). This seems like a security issue. May also apply to MQTT and Gateway passwords but I didn't check.

I imagine data is being sent with an HTTP GET rather than POST.

puterboy avatar Aug 27 '24 16:08 puterboy

Is that spam????

puterboy avatar Aug 27 '24 17:08 puterboy

Spam or phishing yes

1technophile avatar Aug 27 '24 17:08 1technophile

I imagine data is being sent with an HTTP GET rather than POST.

Agreed PR welcome to fix that

1technophile avatar Aug 27 '24 17:08 1technophile

Fixed with: https://github.com/1technophile/OpenMQTTGateway/pull/2037

puterboy avatar Aug 29 '24 14:08 puterboy