On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT
OBi2182
OBi1022
Poly D230
OBi200
OBi202
OBi212
OBiWiFi5G
Started by aselvan, October 21, 2014, 05:35:03 AM
Quote from: aselvan on October 21, 2014, 05:35:03 AMI got my OBi110 yesterday and the first thing I tried to do is change the admin password via the interface but I am unable to do so.
Quote from: Shale on October 21, 2014, 05:57:25 AMQuote from: aselvan on October 21, 2014, 05:35:03 AMI got my OBi110 yesterday and the first thing I tried to do is change the admin password via the interface but I am unable to do so. Which interface?See http://www.obitalk.com/forum/index.php?topic=61.msg109#msg109
Quote from: Shale on October 21, 2014, 06:36:13 AMGlad it worked out.I am a bit shocked that the OBiTalk interface could get into the OBi without knowing the password.
Quote from: SteveInWA on October 21, 2014, 08:04:50 PMQuote from: Shale on October 21, 2014, 06:36:13 AMGlad it worked out.I am a bit shocked that the OBiTalk interface could get into the OBi without knowing the password. I assume that the device had first been added to the OBiTALK account with a default user ID and password, so this gave it access to the device, regardless of any subsequent changes to the device on the local side -- as soon as the device reboots, it syncs with the portal, which wipes out anything locally-configured, including the password. One might argue that this is a vulnerability, but the assumption is that the user had to have physical access to the device to add it to the portal (go through the **5 device discovery routine), so they're authorized to access the device via the portal.