Login of the GUI

Hi all,

I am surprised that the default GUI login is “admin” and that it cannot be modified (as well as port 444)…

Isn’t this a security risk ?

The user admin can be changed, see https://wiki.ipfire.org/optimization/start/wui_username

2 Likes

Thanks @Yoda, I didn’t know !

I think this feature should be further highlighted, integrated into the setup of IPFire (ask GUI login name) or be able to change it from SSH (e.g. by script).

It is not ideal, but I do not consider it a large security risk.

The only useful attack that we know is brute-force. If an attacker knows the username, they only have to test passwords. Considering that username being unknown, the space to search would just be larger, but a password that is strong enough would make the search space large enough as well.

I have deleted this page, because it suggests editing system configuration files which will be overwritten with updates.

If you want to change the username, please submit a proper patch so this is safe for updates.

Ok, I understand better :slight_smile:

@Michael Tremer, thank you for the explanations !

I just deleted the addition I had made in “Good Security Practice”

2 posts were split to a new topic: Change password for admin