AI-on-the-edge-device

Do not allow access to cleartext credentials from network

Open schlamar opened this issue 1 year ago • 4 comments

Issue

Modern IT security is all about layered security. Make each boundary of every application / device as robust as possible. One of the important paradigms is to always assume there is an attacker in the network.

One worst case scenario in this context is getting access to credentials (Wifi, MQTT, ...) via an unauthorized network communication.

So I'm not talking about preventing credential leak by physical access as discussed in #2886.

It is OK to store them in cleartext on the device. But you should never ever make them readable from the web application or from any other network access.

Sep 01 '24 11:09 schlamar

I agree that it is not good practice. However, @jomjol (the core dev) once decided he does not want to have the responsibility to protect the device (see e.g. https://github.com/jomjol/AI-on-the-edge-device/issues/2886). There are several reasons for this. One is the extra work for the devs and the skills that are needed to make it really right and safe. Another reason is the lack of CPU resources for this. The ESP simply is very limited and we are already at our limits RAM-wise.

Sep 01 '24 19:09 caco3

I have seen #2886. Please note this is a fundamentally different use case.

The other issue is talking about protecting against physical access. This would require some sort of encryption. Though a sophisticated attacker would still be able to extract the encryption key and decrypt the credentials. This would mean a lot of complexity for minimal benefit. I understand that this is out of scope for this project.

The issue I'm talking about is quite the opposite. This would be trivial to solve for a huge benefit regarding IT security.

A solution would be straightforward by making credential config fields and files containing credentials write-only. So you can edit them as it used to be but you cannot read them.

This is how any other web application I know of handles this sort of credential configuration.

Sep 02 '24 17:09 schlamar

[Screenshot: Screenshot_20240902_194038_Chrome]

Example of how this looks in Tasmota.

Sep 02 '24 17:09 schlamar
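
The write-only handling proposed above, sketched as an added example (not code from AI-on-the-edge-device or from any commenter): secrets are masked whenever the config is served over the network, and a field submitted back as the mask keeps the stored value. The INI-style layout, the key names, the `;`/`#` disabled-line convention and the `********` placeholder are assumptions.

```cpp
#include <cctype>
#include <map>
#include <set>
#include <sstream>
#include <string>
// Assumed, not from the project: "key = value" lines, ';'/'#' disable a line, these key names and mask.
static const std::set<std::string> kSecretKeys = {"password", "token", "apikey"};
static const std::string kMask = "********";
// Constructed sample config (not from a real device).
static const std::string kStored =
    "[MQTT]\nuser = meter\npassword = s3cret-constructed\n[InfluxDB]\n;password = old-constructed\n";

static std::string trim(const std::string& s) {
    const auto b = s.find_first_not_of(" \t\r");
    return b == std::string::npos ? std::string() : s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Replaces the value of every secret key (disabled lines included) with fn(section/key, value).
template <typename Fn>
static std::string rewrite_secrets(const std::string& text, Fn fn) {
    std::istringstream in(text);
    std::string line, section, out;
    while (std::getline(in, line)) {
        const std::string t = trim(line);
        const auto eq = t.find('=');
        if (!t.empty() && t[0] == '[') section = t;
        else if (eq != std::string::npos) {
            const auto ks = t.find_first_not_of(";# \t");  // skip a comment prefix, if any
            std::string key = trim(t.substr(ks, eq - ks));
            for (auto& c : key) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
            if (kSecretKeys.count(key))
                line = trim(t.substr(0, eq)) + " = " + fn(section + "/" + key, trim(t.substr(eq + 1)));
        }
        out += line + "\n";
    }
    return out;
}

// Read path (config served over the network): set secrets are replaced by the placeholder.
std::string redact_for_read(const std::string& stored) {
    return rewrite_secrets(stored, [](const std::string&, const std::string& v) { return v.empty() ? v : kMask; });
}

// Write path: a field submitted as the placeholder keeps the stored secret, anything else overwrites it.
std::string merge_on_write(const std::string& stored, const std::string& submitted) {
    std::map<std::string, std::string> cur;
    rewrite_secrets(stored, [&](const std::string& k, const std::string& v) { cur[k] = v; return v; });
    return rewrite_secrets(submitted, [&](const std::string& k, const std::string& v) { return v == kMask ? cur[k] : v; });
}
```

The same filter has to sit on every network read path, including raw file download, or the masked form view can simply be bypassed.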

> files containing credentials write only

Yes, I think that is the only feasible way unless we restrict the access to the UI.

Sep 02 '24 21:09 caco3

There is now basic authentication available for the Web UI which can be used (although it is not a good solution, it is better than nothing).

Mar 16 '25 19:03 caco3