Hardcoded admin credentials in scripts?!

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
fabriziorizzo
Starting out
Posts: 34
Joined: Tue Sep 20, 2016 6:40 am

Hardcoded admin credentials in scripts?!

Post by fabriziorizzo »

Okay QNAP...

Fortunately, whatever they've got running on :8080 by default behind the scenes only seems to do SSLv2
and wget ends up tossing errors.

Companies who hardcode absolutely stupid crap like this deserve whatever happens...

$CMD_WGET -q --http-user=admin --http-password=qrsadmin -O $FOLDER_TMP/$PATTERN_DEFAULT_LOG_FILE http://$ip:8080/cgi-bin/hwtest/qrs_dump_log.cgi >> /dev/null

found this in /etc/init.d/dump_all-trct_log.sh

WTH? :shock:
-
Fabrizio
TVS-1282T (Intel I7-6700 @ 3.4GHz, 32GB RAM, 8x 16TB Seagate Exos ST16000NM001G RAID-6, 4x 960GB Corsair Force LE SSD RAID-10, 2x Samsung 512GB M.2 Flash RAID1 cache, 40gbps bonded eth0+1+2+3)
Top
User avatar
jaysona
Been there, done that
Posts: 856
Joined: Tue Dec 02, 2008 11:26 am
Location: Somewhere in the Great White North

Re: Hardcoded admin credentials in scripts?!

Post by jaysona »

QNAP coders - FTW!! :roll: :roll:

So much lulz!!
RAID is not a Back-up!

H/W: QNAP TVS-872x (i7-8700. 64GB) (Plex server & encoding host) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6706T (32GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AX86U - Asuswrt-Merlin - 3004.388.6_2
Router2: Asus RT-AC66U - Asuswrt-Merlin - 386.12_6
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
Top
Post Reply

Return to “Users' Corner”