What's the threat model where not storing them all at once provides any benefit?
If someone has admin it's already game over. Can just hook the browser to retrieve all passwords on demand.
If passwords are fetched remotely on-demand, you steal the account API key from memory.
If they're encrypted, you steal the master password or decryption key.
... So what's your solution?
> Right now, the printer's local MQTT server can only be accessed from the local IP using an 8 digit password obtained through through the physical display.
The problem is hackers don't need to play by the rules (accessing the display).
8 digits that never change is a joke in terms of security, it could be brute-forced within hours/days by sending a network request for each possible combination.
mitm: afaik Bambu Studio/Connect/Handy validate the printer's certificate during the TLS handshake, but most third party software probably doesn't (barely found documentation about it).
And there are a few other (although not as fundamental) weaknesses like no mutual authentication, access control or revocation of specific clients. Due to the nature of MQTT, every client can see messages sent by other clients once authenticated.
ppl always get caught up on the x509. They're actually a good thing and are absolutely necessary to prevent mitm since they use self-signed certs.
BambuStudio also works that way.
The issue is introducing further measures which don't provide any security benefit to the user (can be spoofed): only allowing critical commands from BambuConnect.