Forgot your admin password? v1.803+ has an admin password reset feature

jksjks
edited February 14 in Configuration and Operation

[See below for a description of the new admin password reset feature beginning with software v1.803]

In the last week we've had three people ask us to tell them the admin password that they set themselves.

We cannot do this! The Kiwi does not transmit the admin password to us!

Please write down your admin password and/or record it in a file in some obvious place. Your only option if you can't remember the password is to do a complete software re-flash. And making an SD card to do the re-flash is not easy for everyone to do. Also, if you know enough to ssh into the Beagle directly you can find the admin password in the Kiwi admin configuration file (ask us about this).

The only thing we can tell you is the default admin password that the Kiwi is delivered with based on its serial number. This default password is also written on the bottom of the unit.

Comments

  • jksjks

    I thought of a way to add an admin password reset function. It has to be implemented very, very carefully so as not to cause security problems. I'll try and have this ready for the next release.

    TremolatsmgNate_R
  • jksjks
    edited February 16

    Okay, I think the new admin password reset scheme is working well. See image below.

    The option will appear only if you connect from your local network. Not from an Internet connection (e.g. not from a Kiwi-2 serial number based proxy connection: 2xxxx.proxy.kiwisdr.com/admin). Use my.kiwisdr.com to find the local IP address link to your Kiwi's admin page (e.g. 192.168.1.101:8073/admin).

    You must also provide the Kiwi's serial number. This should be easy since it's written on the physical hardware (Kiwi-1: written in the white box on the Kiwi PCB, Kiwi-2: written on a label on bottom of case).

    As a further security measure the option will only appear for the first 5 minutes after the Kiwi software starts (power-up or software restart).

    So the restrictions should guarantee the Kiwi is in your immediate physical control. So no good for your remote Kiwi located 300 km away on a mountain top.

    If anyone can think of a flaw in this reasoning please let me know ASAP.

    admin.pwd.reset.jpg

    Everything is carefully validated on the server-side. So anyone hacking Javascript on the browser shouldn't be able to exploit the scheme.

    Nate_Rstudentkrasmg
Sign In or Register to comment.