search for: superdupersecret

...commercial products like NAS drive implementations use fixed, well known user/pass credentials, all clients would need to be configured with such well known credentials if they were all to authenticate with a common user. The NUT /etc/ups/upsd.users file has only one entry: -- [monuser] password = superdupersecret upsmon master -- Is this a security issue if the password is well known ? Searching the mailing list I only found the comment: "All a upsmon slave can do, is delay shutting down for a handful of seconds." ... seems like limited mischief. Any guidance is appreciated. Lonnie

...entials is when strict certificate checking is being done over SSL/TLS. At that point, there is no need to worry about credential spoofing if the client cannot even connect without a valid certificate. > The NUT /etc/ups/upsd.users file has only one entry: > -- > [monuser] > password = superdupersecret > upsmon master > -- > Is this a security issue if the password is well known ? Searching the mailing list I only found the comment: "All a upsmon slave can do, is delay shutting down for a handful of seconds." ... seems like limited mischief. If you have "upsmon slave&qu...