Security vulnerability with Firewalla
I just set up my firewalla and I'm afraid I already found something that is a bit concerning.
firewalla apparently has SSH enabled by default and it cant be turned off. On top of that there is no ability to set a user defined password. We are stuck with using a system created 8 character password. Even if you try to do a password reset the only option is to let the system generate a new password -- you cant set your own password.
In my opinion this is very poor security practices. With SSH enabled and only being protected by a weak 8 character non user changeable password firewalla has a sizable security vulnerability. The password should be much longer and frankly the user should have the ability to turn off this backdoor. I understand the need for the firewalla team to be able to troubleshoot problems with it's users but this is not best security practices.
Please give us the option to turn off SSH and only enable it when we need to reach out to you for support/when we want to use it ourselves. Also an option to set a stronger 15-30 character password would be appreciated.
I don't know how everyone else is doing it but for me personally all of my online accounts are set to unique 15-30 character passwords (and two factor where possible). 8 characters just doesn't cut it anymore now-a-days.
For those that don't know what I'm talking about: From the Firewall app go to your Firewalla > Settings > Help and Support > SSH Console
-
Wade
Thanks for the notes. These are good points.
The SSH interface is not a back door. We do not have the password. The password is generated automatically and not send to us. That password will reset itself during updates or reboots. (So it won't be the same + extra randomness) The reason we left SSH there was due to requests from our crowdfunding supporters, they want to know what's going on with the box inside, and curious on how we work.
You point is taken, we will do the following:
1. Make the button to turn off SSH work. So you can turn off SSH.
2. We will make the default generated password more complex.
I'll let @melvin reply to the rest, he owe you a github issue so you can track our commitment. We will invite you to test it out if you want.
Again, appreciate your feedback.
-Jerry
-
I have created two github issues respectively for "password length" and "turn off ssh".
https://github.com/firewalla/firewalla/issues/601
https://github.com/firewalla/firewalla/issues/602
Thanks for the feedback.
-
Thanks for the quick responses/action! I'm loving my firewalla and appreciate the work you guys have put into this. Looking back I apologize that my comments came off strong. In hindsight I wish I would have worded it differently.
Also, more importantly, I TOTALLY misunderstood how SSH was configured/working. I thought SSH was turned on to the external facing network. This basically renders all of my concerns totally moot. So yea... heh, apologies!
A quick note regarding password strength: If I'm not mistaken as of 2012 it has been considered fairly trivial to crack an 8 character password (https://arstechnica.com/information-technology/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/). Granted the hardware required for this isn't exactly cheap but for today's standards it's definitely within reach. That said, we are probably approaching tinfoil hat territory here. The risk is probably pretty low that a targeted attack would take place. Again all this is moot since SSH isn't turned on to the external facing network.
Thanks for making a great product and again, apologies for my misunderstanding!
-
Thanks Wade. Great feedback. We already took your advice to increase the password to 10 characters. Hopefully, that piece of code will be released soon.
If you have any other concerns or suggestions, please post them. Teach us what you need and we will make it happen. We think this is path to our success :)
Please sign in to leave a comment.
Comments
4 comments