glenn
/
asteroid
mirror of https://github.com/glenneth1/asteroid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: Remove hardcoded admin credentials from login page 

CRITICAL SECURITY FIX:
- Remove display of default admin username and password from login.ctml
- Login page no longer advertises 'admin' / 'asteroid123' credentials

This was the security issue Fade mentioned during b612 deployment:
'the templates with the default passwords for sure need changing'

Addresses TODO item:
- Problem 4: Templates advertising default admin password  FIXED

Ref: TODO.org line 29-30
This commit is contained in:
glenneth 2025-11-03 19:49:53 +03:00
parent ce4fced380
commit 25183ea5cf
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
template/login.ctml
View File

@ -37,11 +37,6 @@
<button type="submit" class="btn btn-primary" style="width: 100%;">LOGIN</button>
</div>
</form>
<div class="panel" style="margin-top: 20px; text-align: center;">
<strong style="color: #ff6600;">Default Admin Credentials:</strong><br>
Username: <br><code style="color: #00ff00;">admin</code><br>
Password: <br><code style="color: #00ff00;">asteroid123</code>
</div>
</div>
</div>
</div>