Linux.MulDrop Threat

davefy · June 10, 2017 at 11:31 PM

Is LibreElec on Raspberry Pi 3 affected by the Linux.MulDrop.14 security hole?

**Klojum** · June 11, 2017 at 7:05 AM Official Post

Quote

They infect by hitting open ssh ports of the Raspberry Pi using the default password for the pi user, then changing it.

Opening the SSH port in your router to the world is a vulnerability created by the user.

Changing the password of LibreELEC is not even possible at this time.

So it's a yes and no answer.

**Iridium** · June 11, 2017 at 6:02 PM Official Post

Quote from Klojum

Changing the password of LibreELEC is not even possible at this time.

I guess this is because LE is a R/O system.

Could it be possible to include a script in .config/autostart that changes the password on boot?

**chewitt** · June 11, 2017 at 9:15 PM Official Post

Not currently, but it will be possible in the future once the changeable passwords PR has been merged.