
STM32CubeMonitor Security/Credentials critical issues

acv_atr
Associate III

Hi everyone.

I'm trying to secure the STM32CubeMonitor editor and UI as defined for Node-RED, but it is not possible to secure STM32CubeMonitor.

After defining a user and password in settings.js (even only for STM32CubeMonitor), the editor and UI break and are simply useless.

This is a critical issue nowadays: not being able to secure a web server that can be exposed to remote access, to provide REST APIs and so on...

Tested STM32CubeMonitor v1.3.0

On the other hand, this feature works perfectly on native Node-RED instances.

Is there a known workaround to secure the STM32CubeMonitor editor and UI with a user-password login?

1 ACCEPTED SOLUTION

Accepted Solutions
stephane.legargeant
ST Employee

Hi @Andrea cavani​ 

The release 1.5.0 is online. It should be possible now to secure the editor properly.

Please, let us know if it is ok with the new version.

Please note: In the default settings.js, remote access is now disabled by default.

Best regards

Stephane


10 REPLIES 10
acv_atr
Associate III

Hello everyone.

Is there any possibility of getting an answer from STMicroelectronics people?

Has anyone faced this issue or had this need?

Thanks for your time and attention

acv_atr
Associate III

Hello to everyone.

Does anyone know a workaround to this critical issue?

Thanks for your attention.

Best regards

Richard.Chvr
ST Employee

Hello @_acv_atr​ 

I tried using a user and password in settings.js for both STM32CubeMonitor-1.3.0 and the newly published 1.4.0 and didn't face any issue such as the one you mentioned (see attached settings.js). Can you detail your environment and the modification you made?

    // Securing Node-RED
    // -----------------
    // To password protect the Node-RED editor and admin API, the following
    // property can be used. See http://nodered.org/docs/security.html for details.
    adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
            permissions: "*"
        }],
        default: {
            permissions: "read"
        }
    },

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
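
Added example, not part of the thread and not ST or Node-RED code: a small audit of the security-relevant keys in a settings.js-style object, run against the adminAuth block posted above. The function name auditSettings and the finding texts are hypothetical; adminAuth.default and httpNodeAuth are standard Node-RED settings, and the check assumes the "credentials" auth type shown in the post.

```javascript
// Added example: audit a settings.js-style object for login gaps.

// bcrypt hash layout: $2a$/$2b$/$2y$, two-digit cost, 22-char salt + 31-char digest.
const BCRYPT_RE = /^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/;

function auditSettings(settings) {
  const findings = [];
  const auth = settings.adminAuth;
  if (!auth) {
    findings.push("adminAuth: not set, editor and admin API need no login");
  } else if (auth.type === "credentials") {
    const users = Array.isArray(auth.users) ? auth.users : [];
    if (users.length === 0) findings.push("adminAuth.users: no users defined");
    for (const u of users) {
      if (typeof u.password !== "string" || !BCRYPT_RE.test(u.password)) {
        findings.push(`adminAuth user "${u.username}": password is not a bcrypt hash`);
      }
    }
    // A default block gives its permissions to users who have not logged in.
    if (auth.default && auth.default.permissions) {
      findings.push(`adminAuth.default: anonymous users get "${auth.default.permissions}"`);
    }
  }
  // httpNodeAuth covers HTTP In nodes and the dashboard UI, separately from adminAuth.
  const nodeAuth = settings.httpNodeAuth;
  if (!nodeAuth) {
    findings.push("httpNodeAuth: not set, dashboard UI and HTTP In nodes need no login");
  } else if (typeof nodeAuth.pass !== "string" || !BCRYPT_RE.test(nodeAuth.pass)) {
    findings.push("httpNodeAuth.pass: not a bcrypt hash");
  }
  return findings;
}

// The adminAuth block as posted above; nothing else from the real file is assumed.
const postedSettings = {
  adminAuth: {
    type: "credentials",
    users: [{
      username: "admin",
      password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
      permissions: "*"
    }],
    default: { permissions: "read" }
  }
};

for (const f of auditSettings(postedSettings)) console.log(f);
```

Run with node; on the posted block it reports the anonymous read permission and the missing httpNodeAuth, the two places where the editor or the UI stays reachable without a login.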
acv_atr
Associate III

Hello @Richard.Chvr​ 

Going in more detail:

OP: Ubuntu 20.04 desktop

CubeMonitor: v1.3.0

user: admin

password: admin_1234#

Flow: default from ST, after fresh installation

Editor asking for password as expected:

Editor stuck after entering the correct password:

Node-RED UI not working properly after correct login

Please see the flow and settings in the attachment.

If you need further details, let me know.

Thank you

Richard.Chvr
ST Employee

@_acv_atr​ 

Thanks for these details. I've tested this configuration on my Ubuntu machine (I previously successfully tested it on Windows) and I confirm the issue you face. I will investigate and come back to you.

ACava.1
Associate II

@Richard.Chvr​ 

Any news or update about this subject?

Thanks for your support.

ACava.1
Associate II

Hello @Richard.Chvr​ .

Is there any update or workaround regarding this critical issue?

Thank you for your attention

Richard.Chvr
ST Employee

Hi @Community member​ 

The problem has been submitted to the dev team. Still waiting for feedback.

Richard.Chvr
ST Employee

Hi @Andrea cavani​ 

The issue should be corrected in the next release, 1.5.0, which will come soon.
