Obihai 200 Security Failure: Can not set new password for admin.

Started by fin4agibson, November 15, 2019, 07:37:30 AM

fin4agibson

Summary: Can not set the admin password on Obihai 200 (that survives a reboot). Where is documentation that describes setting admin password? If not available, what does anybody know about this Security Failure?

Background:
In my opinion, Obihai Documentation is better than most websites and applications (because most do not have any), but is not user friendly and lacks key points. :-\
Searching the support forum for "set admin password for 200" (or variations) does not give much help.

The device web page allows for the setting of the admin password. But it gets wiped out when the device is rebooted.
The obinet webpage does NOT allow the setting of the admin password. ???

Leaving the admin password at default is not a safe way to leave the 200 on the internet. I see this as a Security Failure on the part of the Obihai 200. ???

Not allowing the change of configuration of the 200 from the device that survives a reboot, is a future MAJOR Security Failure. (Look at Cloud enabled IoT devices that the Cloud died, but the device is still alive. Also look at the Obihai 1xx series. And other EOL, not supported devices that still work.)

WrapUp:
If anyone can shed some light on this subject area or provide links to other forum articles or documentation, that would be great. :o



azrobert

Change the password from OBiTalk Dashboard. Click on the gear ICON to the right of your device. Change the Webpage Admin Password and click Save.

fin4agibson

Response to @drgeoff
Referenced by @drgeoff
1. You are probably falling foul of the #1 gotcha for noobies. http://www.obitalk.com/forum/index.php?topic=61.0

Use Expert mode on your dashboard at obitalk.com, not the local web interface of your OBi.  When you get to the relevant page and configuration line you need to clear both boxes at the right hand end of the line before you can make a change.


On my original request, I did not specify correctly what I did. Anybody mistake (Noob, expert, Obihai).
Bad original line: The obinet webpage does NOT allow the setting of the admin password.
Corrected line: The ObiTalk Expert webpage does NOT allow the setting of the admin password.

If the image attachment works, it shows ObiTalk Expert webpage cut n paste, that the only option to change is the "UserPassword". At the right-hand end of the line, both boxes are cleared.
There is no option for changing the Admin Password.

So this #1 gotcha for noobies, does not appear to have gotten me. Hopefully, I explained that this is covered. Thanks for the suggestion on what to look for.

* * * * *

Response to link obitalk forum http://www.obitalk.com/forum/index.php?topic=61.0:
We have made available a detailed OBi Device Admin Guide so that expert users can gain a complete understanding of the device's operation.

Admin Guide, OBiTALK Device Management Guide, and Other Docs Here: http://www.obihai.com/docs-downloads.html


The documentation contains outdated advice that does not work or should not be used.
1) Using the Web Server-Based local configuration. The Admin password was changed successfully and is usable, until the reboot. Then Obihai Security Failure, Admin is back to the default password.
2) Nothing in ObiDeviceAdminGuide warns not to use the web server-based configuration, but to use the ObiTalk server.

There are still a lot of good items in the Obi Device Admin Guide. The guide is not detailed. The guide does not contain a complete understanding of the devices' operation. So what do you follow and what do you avoid?
Because of all the questions here in the Forum, it shows the Guide is not detailed or complete.
An update to the Guide is sorely needed, which integrates these common/reoccurring questions/answers into the documentation.

But as stated in the original post, this is my opinion.

:)

fin4agibson

Quote from: azrobert on November 15, 2019, 02:30:13 PM
Change the password from OBiTalk Dashboard. Click on the gear ICON to the right of your device. Change the Webpage Admin Password and click Save.

Thank you "azrobert" for responding.
I am having a hard time understanding what you are saying.
Which password are you referring to? On the OBiTalk Dashboard, the UserPassword is in the Device Admin screen, but no AdminPassword is shown. And no save button, only a submit.

Okay, backup, rewind, light bulb going on, ... Starting over. These are the steps I took.

1) I go to the OBiTalk Dashboard. My OBi Devices has my Obi200 listed.
2) There are two gear ICONs, not one, but two. Because a lot of people have made a fuss about Expert mode, that is what I have chosen every time. Thinking that expert mode has all options. Expert mode, in this case, does not have all the options.
3) Choosing the correct gear ICON (without the E), brings me to the Device Configuration - xxxxxxOBi200 page.
4) The first tab to appear and the correct one with the information I needed was Device Information.
5) Down five options was found Webpage Admin Password.
6) I entered the new Admin Password on the OBiTalk webpage.
7) 4 more lines down is the Save button. Pressed it and the "Configuration has been updated successfully." is shown.
8) Test out the change by going to the OBi200 device local webpage and clicking on reboot in the upper right corner.
9) Access the OBi200 local webpage with old default password, no go.
10) Access the OBi200 local webpage with new password, IT WORKS!

Thank you "azrobert" for responding. This gave me enough information to finally get it to work.

Summary:
1) #1 Noob Mistake of not using Expert mode was what got me into trouble. No expert mode was needed to fix this problem of Admin Password. Only the plain gear ICON was needed, not the Expert gear ICON. I was too focused on staying in Expert mode.
2) Documentation is not complete or detailed, needs updating.
3) The forums assisted in leading in the right direction to help solve this problem.

Hopefully, this helps some other wondering lost soul.