Bug #15388
closed
Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
0%
Description
During first boot, new in 24.03 is that the admin password is prompted to be changed from the serial console on first boot. However, even if you change it here on first boot, it still asks you to change it yet again in the first login webConfigurator Setup Wizard. There should be a hash comparison against the admin user's current password against a hash of the default "pfsense" password so that this prompt is skipped when it has already been changed from the console.
Updated by Jim Pingle 25 days ago
- Status changed from New to Rejected
The wizard has always prompted to change the password, users like having the option. That step can be skipped the same as always by leaving the boxes empty. Nothing has changed here.
Skipping the prompt if the password is non-default would mean it would only ever show during the first run of the wizard, taking that functionality away from the user.
Updated by Kris Phillips 19 days ago
Jim Pingle wrote in #note-1:
The wizard has always prompted to change the password, users like having the option. That step can be skipped the same as always by leaving the boxes empty. Nothing has changed here.
Skipping the prompt if the password is non-default would mean it would only ever show during the first run of the wizard, taking that functionality away from the user.
If this is the case, we should clarify in the webConfigurator that users can leave the fields blank and proceed if they've already reset the password to non-default, as this isn't particularly clear in the web UI.
Additionally, this conflicts with the serial console, which will force you to change it if it's non-default. If you try and hit Control + C to break out of it and you left it still as "pfsense", it'll immediately re-prompt. If the webConfigurator doesn't do that, it's inconsistent.