flowintel-cm icon indicating copy to clipboard operation
flowintel-cm copied to clipboard
verified publisher icon flowintel

Docker: Default is user unusable

Open LukeVader-IV opened this issue 7 months ago • 2 comments

All documentation of flowintel indicates that, after deploying the tool for the first time, a default user [email protected] with password admin should exist. I verified that these credentials are correct in app/utils/initdb.py. However, when attempting to sign in with these credentials, it fails. Due to issue #23 , I was able to verify that it does not accept the password. Is it possible that the account is accidentally created without a password whatsoever?

Steps to reproduce:

  1. clone repo, and navigate to the relevant folder
  2. docker compose up -d
  3. attempt to log in to the UI with these credentials

Suggestion:

While these credentials obviously need to be changed at first login, I do not believe that this approach is best practice. Maybe it would be better to generate a short random password/passphrase that gets printed in the logs? This should then be followed by a required and unskipable password and username change dialog on first login.

Alternatively, If the tool can be set up from scratch to connect to MISP, it could maybe use that to authenticate users? Thereby avoiding the requirement for a default user account all together.

LukeVader-IV avatar Jun 27 '25 14:06 LukeVader-IV