Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Improve security, the ewelink password is visible, not encrypted or scrambled.

See original GitHub issue

Please explain your feature request in a one or two sentences. The eWelink plugin password is in plain text and visible in the config.json file or directly in the Homebridge configuration editor. Wouldn’t it be better if it was in base64 or some other kind of encryption instead of plain text, even in an encrypted file.
Is your feature request related to a problem? Please describe. Security flaw by having the password visible in plain text instead of an encrypted or scrambled format.
Any particular eWeLink devices that this relates to? No
Anything else? No
Info version Node.js: v14.16.0 npm: v6.14.11 Homebridge: v1.3.4 Homebridge UI: homebridge-config-ui-x v4.41.0 Homebridge Ewelink: homebridge-ewelink v5.5.1
Example Current

         {
            "name": "eWeLink",
            "username": "yourmail@domain.com",
            "password": "HelloWorld1234",
            "mode": "auto",
            "platform": "eWeLink"
        }

With hidden password in base64

         {
            "name": "eWeLink",
            "username": "yourmail@domain.com",
            "password": "SGVsbG9Xb3JsZDEyMzQK",
            "mode": "auto",
            "platform": "eWeLink"
        }

Issue Analytics

State:
Created 2 years ago
Comments:19 (9 by maintainers)

Top GitHub Comments

1reaction

bwp91commented, Mar 23, 2021

Don’t forget you will also need to tick the “Encoded Password” setting so the plugin knows to decode your password (needed so it doesn’t try to decode any user’s password that hasn’t been encoded in the first place)

1reaction

bwp91commented, Mar 23, 2021

v5.1.1 was released before and so doesn’t decode the password.

It’s something I have added to the beta version, you can use the “Install Previous Version” feature in homebridge-ui (the spanner icon on the plugins page) and you can select the top entry which should show ‘v5.5.2-2 - beta’ to install

Top Results From Across the Web

Security Reminder - eWeLink Help Center

eWeLink takes user privacty and security seriously. We feel obliged to remind our users of the importance of password security.

homebridge-ewelink - Bountysource

Homebridge plugin to control eWeLink devices with original firmware. ... Improve security, the ewelink password is visible, not encrypted or scrambled. $ 0....

Password scrambler could protect even the weakest passwords

S-CRIB Scrambler uses hardware that holds encryption keys to scramble passwords using SHA1-HMAC, a keyed-hash message authentication code.

Untitled

... https://www.walmart.com/ip/Never-Forget-Address-And-Password-Book-Rustic- ... /ip/New-Perspectives-Language-Education-Making-Visible-University-English- ...

wikihow-activities-normalized-aggressive.txt - People

... draw hobbit make hasty pudding not care stop potato cook bok choy save diamond ... secure website prevent vein repair cd do...