Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable the root password by default in an ISO installation #819

Open
trevor-vaughan opened this issue May 14, 2022 · 0 comments
Open

Disable the root password by default in an ISO installation #819

trevor-vaughan opened this issue May 14, 2022 · 0 comments
Labels

Comments

@trevor-vaughan
Copy link
Member

trevor-vaughan commented May 14, 2022

Issue

When installing from the ISO, the password for root is currently set to a known value and users often skip steps when installing the system.

Best practice prohibits logging in directly as the root user which is the default mode in the SIMP installation.

The original mechanism was put in place for convenience expecting users to change the values by following the documentation.

However, it is possible that this was not done by all users leaving a potential vulnerability on their systems if the default configuration is altered.

Proposed Resolution

The ISO installation should no longer set a root password at all. If users wish to set one, they can do so explicitly post-installation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: No status
Status: 📋 Backlog
Development

No branches or pull requests

1 participant