Unsecured endpoints and harmful logs


#1

Hi all

Is there a way to secure the enpoints /apps and /logs with a username and password? As it stands, everyone who is connected to the same network can access and upload potentially harmful applications.

Additionally, we have noticed that if we try to change the network and enter the SSID incorrectly, the password is logged in plain text and unhashed to the endpoint /logs. This seems like a major security hazard, especially combined with the points described above.
I have attached a screenshot of the mentioned log message here:


#2

Hi @Yves,

Currently there is no way of password securing the /apps and /logs endpoints, but we will take this into consideration for future updates.

Indeed, the password logging is a major security hazard and we will act on it. We will make sure that it is patched in the next Lampix version.