20.11.2024, 08:53
Hello,
when I open the visualization page (/scada-vis) and I hit F12 in my web browser to display the requests that are emitted, I noticed a websocket request:
ws://LOGIC_MACHINE_IP/scada-vis/objects/ws?auth=username:xxxxxxxxxxxxxxxxxxxxxxxx
where xxxxxxxxxxxxxxxxxxxxxxxx is a mysterious token that seems to always be the same if the same user revisits the page later (firmware is 20211215).
How is this token calculated? Can you ensure me that anyone won't be able to compute back the user's password from this token?
when I open the visualization page (/scada-vis) and I hit F12 in my web browser to display the requests that are emitted, I noticed a websocket request:
ws://LOGIC_MACHINE_IP/scada-vis/objects/ws?auth=username:xxxxxxxxxxxxxxxxxxxxxxxx
where xxxxxxxxxxxxxxxxxxxxxxxx is a mysterious token that seems to always be the same if the same user revisits the page later (firmware is 20211215).
How is this token calculated? Can you ensure me that anyone won't be able to compute back the user's password from this token?