acassis opened a new issue, #16822:
URL: https://github.com/apache/nuttx/issues/16822

   ### Description / Steps to reproduce the issue
   
   A default password is a very explored vulnerability on Linux systems, and the
   new security recommendation is to never release products with a default
   password.
   Unfortunately NuttX uses a default /etc/password as well. You can see where
   it is used by running:
   
   ```
   $ git grep "8Tv+Hbmr3pLVb5HHZgd26D"
   ```
   
   I suggest we change it by asking the user to create a password during
   the build phase. Although the best option is for the end user to set up the
   password the first time the user powers up the device, at least by doing it
   in the build process we avoid the same default password being used for all
   NuttX embedded systems.
   
   BTW I decided to release it here as [SECURITY] because it is not a security
   fault in the NuttX source code, but just in the way we do things.
   
   ### On which OS does this issue occur?
   
   [OS: Linux]
   
   ### What is the version of your OS?
   
   Ubuntu
   
   ### NuttX Version
   
   all
   
   ### Issue Architecture
   
   [Arch: all]
   
   ### Issue Area
   
   [Area: Other]
   
   ### Host information
   
   _No response_
   
   ### Verification
   
   - [x] I have verified before submitting the report.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
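
A build-time gate in the spirit of the suggestion in this issue, as an added example that is not part of the original report or of NuttX's own build scripts: it stops the build when a passwd-style file still carries the hash quoted in the issue, or an empty password field. The `user:hash:uid:gid:home` layout, the function name `check_passwd` and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example, not NuttX code. DEFAULT_HASH is the string quoted in the issue;
# the colon-separated layout with the hash in field 2 is an assumption.
DEFAULT_HASH='8Tv+Hbmr3pLVb5HHZgd26D'

# check_passwd FILE
# Prints one line per offending entry. Returns 0 if the file is clean,
# 1 if any entry has the shared default hash or an empty password field,
# 2 if the file cannot be read.
check_passwd() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    bad=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in '') continue ;; esac
        user=${line%%:*}
        rest=${line#*:}
        [ "$rest" = "$line" ] && rest=''   # no colon at all: no hash field
        hash=${rest%%:*}
        if [ -z "$hash" ]; then
            echo "$file:$lineno: user '$user' has an empty password field"
            bad=1
        elif [ "$hash" = "$DEFAULT_HASH" ]; then
            echo "$file:$lineno: user '$user' still uses the shared default hash"
            bad=1
        fi
    done < "$file"
    return $bad
}

# Constructed sample: one entry with the default hash, one with a made-up hash.
sample=$(mktemp)
printf '%s\n' "admin:${DEFAULT_HASH}:0:0:/" \
    'operator:CONSTRUCTED-HASH-VALUE:1:1:/' > "$sample"
check_passwd "$sample" || echo "build stops: replace the listed credentials"
rm -f "$sample"
```

Called from a build step, a non-zero return makes the build fail before an image with the shared credential is produced.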