[CRITICAL] Weak default PostgreSQL credentials in example secrets #12

Open
opened 2026-05-05 15:43:14 -05:00 by pjennings · 0 comments
Owner

Labels: area:security, area:containers, priority:critical, type:bug

Description

In modules/secrets.example/db1.nix:

POSTGRES_USER = "rnetadmin";
POSTGRES_PASSWORD = "rnetadmin";  # Initial setup only

The username and password are identical, which is the weakest possible credential combination.

Impact

CRITICAL — If actual production secrets follow this pattern (which the comment 'Initial setup only' suggests was the case), the database is trivially compromisable. The PostgreSQL port (1025) is accessible from the entire mesh network.

Recommended Fix

  1. Verify production PostgreSQL uses a strong, randomly generated password (32+ characters)
  2. Add a validation check in the secrets module to reject weak passwords
  3. Document minimum password requirements in the secrets.example template
  4. Rotate any database passwords that were ever set to weak values
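One way to implement the validation check from item 2 is a NixOS module that fails evaluation when the credentials are weak. This is an added example, not code from this repository; it assumes the real (non-example) secrets file `./secrets/db1.nix` evaluates to an attribute set with `POSTGRES_USER` and `POSTGRES_PASSWORD`, and that this file is imported as a module.

```nix
# Added example, not from the repository. Assumes ./secrets/db1.nix evaluates to
# an attribute set containing POSTGRES_USER and POSTGRES_PASSWORD, and that this
# file is listed in the system's `imports` next to the secrets module.
{ config, lib, ... }:
let
  # Assumed path to the real (non-example) secrets file.
  db1 = import ./secrets/db1.nix;

  # Build NixOS `assertions` entries for one set of database credentials.
  # `name` only labels the failure message so it points at the right file.
  credentialChecks = name: creds: [
    {
      # Username == password is the exact weakness reported in this issue.
      assertion = creds.POSTGRES_PASSWORD != creds.POSTGRES_USER;
      message = "${name}: POSTGRES_PASSWORD must not equal POSTGRES_USER";
    }
    {
      # Minimum length from the recommended fix (32+ characters).
      assertion = builtins.stringLength creds.POSTGRES_PASSWORD >= 32;
      message = "${name}: POSTGRES_PASSWORD must be at least 32 characters";
    }
    {
      # The placeholder shipped in secrets.example must never reach production.
      assertion = creds.POSTGRES_PASSWORD != "rnetadmin";
      message = "${name}: POSTGRES_PASSWORD is still the secrets.example placeholder";
    }
  ];
in
{
  # nixos-rebuild aborts with the message of the first failing assertion,
  # so a weak credential can never be deployed silently.
  assertions = credentialChecks "db1.nix" db1;
}
```

The same `credentialChecks` helper can be applied to any other secrets file that carries database credentials by concatenating its result into `assertions`.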