Recently I noticed a couple of "Login attempt or request with invalid authentication from " in my system logs.
It would be nice to know what user name and password were attempted - to understand if whoever was behind these attempts were close to being right.
Could this info be added into the log?
This will reduce the security. If any of the users misstype their password (maybe just one incorrect char) you will be able to see their password (or to get very close to that).
3 Likes
More info: WTH are those Login Attempt failed?.
Logging passwords, right or wrong, is always a bad idea.
2 Likes
true enough - so maybe not such a good idea after all - I made the suggestion but in my case I’m the only one using Home Assistant so not an exposure for me - but I do see what you mean where multiple users are using the system
1 Like