Pwnd Eft Ios 15.zip

[Zee Petty]

Theadd-on is the Node RED add-on in the supervisor, if you open up the supervisor on your console, select Node RED and go to the Configuration tab you will see an item in the configuration called credential_secret where you specified a password during setup, it is this that is insecure and has been found in the Have I Been Pwned database.

I then changed the secret, restarted node-red, and can confirm that the credentials I had entered were missing after dismissing the warning. Other details about the node, smtp server etc, remained. Only the user/pass was cleared.

I think that the Home Assistant nodes were unaffected by the credential_secret change because they do not have credentials stored in the Node Red config due to the way that the add on is built (see 1st screenshot above).

I then bit the bullet and changed the credential secret in the addon. I also checked the new (really long) password on the have I been pwnd website and it gave it the all clear. Reconfigured nodered (and the mqtt connection) and all was good.

3a8082e126