Pwned password in Node RED addon

I’ve been getting the notification for the last week or 2. I first tried blacklisting the haveIbeenpwnd site that I found in a different thread on my pihole server. However i continued to get the notification.

I then bit the bullet and changed the credential secret in the addon. I also checked the new (really long) password on the have I been pwnd website and it gave it the all clear. Reconfigured nodered (and the mqtt connection) and all was good.

However a few moments later I still get the notifications!

I tried restarting the addon and also HA - But still the notifications keep coming. Any ideas why?

To anyone interested, the password check can now be disabled with the command below in the CLI using the latest versions of either the core-ssh add-on or the community ssh add-on:

Terminal & SSH (core) version 9.1.0
SSH & Web Terminal (community) version 8.0.4

ha resolution check options --enabled=false addon_pwned

reboot the host after this so that it will take: ha ho reboot

4 Likes