As always, we pay close attention to security in every new product and software update. Protecting the data of our customers has always been a top priority at Loxone since the company was founded in 2009. In our upcoming version of Loxone Config & App, we are raising the bar again.
Are you aware of existing lists of username/password combinations circulating the internet? They’re out there and may be used for cyber attacks. So far, there are no successful attacks on any Miniservers, but we are taking proper precautions. In our upcoming release on June 29th, we will ensure that username/password combinations from these existing lists will no longer be used in our products.
The Loxone Config & App will now prevent users from selecting passwords that are included in such lists, and therefore, accessible to potential attackers. Previously existing users with such passwords will be warned at log-in and given a warning (optional) to change their password. However, the decision remains up to the user.
This security feature also affects the initial set-up of a Miniserver. The default user and password (admin/admin) must be changed.
This post was written by Loxone. You can find the original post by clicking on the link below.
Original post