I just received mine in the mail today after waiting FOREVER... my favorite part so far is the gaping security flaw it ships with... Inside the box there is a note that reads "your initial userid and password are limeos/limeos (userid: limeos, password: limeos). Please don't change password and userid until further notice". The first then I then went and did was check to see if SSH is enabled, and it is...
So basically here's the flaw it ships with out of box: 1) The password should always be limeos/limeos (if they follow the instructions) 2) anyone should always be able to get into it full root access via SSH
I've reported the flaw to them, who knows what they will do with it... But if you have a cherrypal already, I strongly recommend pulling it from the internet (or at least putting it behind a firewall).
Now that we've thrown 'em off the trail, use the form below to get in touch with the people at Engadget. Please fill in all of the required fields because they're required.
I just received mine in the mail today after waiting FOREVER... my favorite part so far is the gaping security flaw it ships with... Inside the box there is a note that reads "your initial userid and password are limeos/limeos (userid: limeos, password: limeos). Please don't change password and userid until further notice". The first then I then went and did was check to see if SSH is enabled, and it is...
So basically here's the flaw it ships with out of box:
1) The password should always be limeos/limeos (if they follow the instructions)
2) anyone should always be able to get into it full root access via SSH
I've reported the flaw to them, who knows what they will do with it... But if you have a cherrypal already, I strongly recommend pulling it from the internet (or at least putting it behind a firewall).