Security Issue in config.xml

Hi there,

I'm not sure whether it's the right place to post but github said it's best to post here first. So here I am.

I just realized that if you set up an email account in order to get notifications the authentication password is stored in plain text which I think is not a good practice. I believe it would be good to had a hash in here instead of plain text.

So let's say if somebody is stealing my NAS, he/she can look inside the code and access my mailbox.

Hope somebody can modify that...

Enjoy 2021

Fr3sh

Zitat von mi-hol

Most email accounts are free of charge, if you are concerned about security, just create an email account for this purpose.

I've already done that ; I was just pointing that fact. Just wondering if we could hash it somehow

Zitat von ryecoaaron

But if they have your NAS, they have the code and salt to decrypt it.

I'm more a hacker than a developer and I understand you can't send the password to your mail sever as a "hash" so you'll have to have a function reverting that "hash". That function being in the code you could use it to revert the hash and gain access to the password...

Just wonder if there was a way to protect that password...
As a workaround I use a dummy email account but to me it's a workaround.

Any developer/programmer giving a hint on how to do this ? Just so I can learn a bit more...

Have a fun day

If the linux password is weak, there are ways to crack them (john the ripper or hashcat) but that's not the point.
I thought you could encrypt the omv drive but you would have to enter a password each time you reboot which is not convenient for a NAS.

I guess you're right, there is no easy way to improve this. Could be a good research topic though