Seemingly scary WiFi connect (ESP-01) without even invoking CWJAP command

i am just now entering into the ESP8266 (ESP-01 module) world and am just familiarizing myself with the basic AT commands.

i am using this USB-UART CH340G module (no need an Arduino)
ESP8266proger.jpg

but i borrow the IDE Serial Monitor (haven't got PUTTY yet) to execute the AT commands.

all i have done is type the common AT commands going through the motions and confirming that responses are as expected - i had, on my first attempt, connected to the router using SSID & PWD accdly but after fiddling with haphazard URLs and trying CIPSEND, it hanged and later the router got upset (needed reset).

i have also played about with a Wemos D1 mini and i do get problems when not closing connections and the router needs a reset - i'm guessing it doesn't like the connection method which messes with the IP allocations - i haven't yet tried to use Static IP instead of letting the DHCP do it's thing.

i provide the long story above as an indication of what "type" (?) of router i am accessing.

the current issue is, the ESP-01 module (on second attempt and being prepared to do CIPCLOSE properly to avoid "router upset") - i got a shock when the module got connected to WiFi even before i tried to do so !

how did it do that ?

was there some kind of software (on the module) that "grabbed" it(the SSID/PWD etc) from the PC (also connected to the WiFi) automatically ??

or; did it remember the credentials from the earlier connection ?

here is the full sequence of AT commands as they were entered and the results;

AT
OK
AT+RST
OK
WIFI DISCONNECT    <<--- this must be from the ESP-01 module, right ? Auto-status feature or something?

 ets Jan  8 2013,rst cause:1, boot mode:(3,4)

load 0x40100000, len 27728, room 16 
tail 0
chksum 0x2a
load 0x3ffe8000, len 2124, room 8 
tail 4
chksum 0x07
load 0x3ffe8850, len 9276, room 4 
tail 8
chksum 0xba
csum 0xba
??{?l?le?
ready
AT+GMRAT version:1.1.0.0(May 11 2016 18:09:56)
SDK version:1.5.4(baaeaebb)
compile time:May 20 2016 15:08:19
OK
WIFI DISCONNECT
AT+CWLAP+CWLAP:(2,"XXX",-74,"X:X:X:X:X:X",2,-39,0)
+CWLAP:(2,"XXX",-55,"X:X:X:X:X:X",3,-41,0)
+CWLAP:(4,"XXXXX",-87,"XX:XX:XX:XX:XX:XX",6,-34,0)

OK
WIFI CONNECTED    <<--- this gave me quite a shock ! - i hadn't done anything after CWLAP !
WIFI GOT IP                            (is this normal ?) 
AT+CIFSR+CIFSR:STAIP,"192.168.1.XXX"
+CIFSR:STAMAC,"XX:XX:XX:XX:XX:XX"

OK
AT+CIPSTATUSSTATUS:2

OK
AT+RST
OK
WIFI DISCONNECT

 ets Jan  8 2013,rst cause:1, boot mode:(3,4)

load 0x40100000, len 27728, room 16 
tail 0
chksum 0x2a
load 0x3ffe8000, len 2124, room 8 
tail 4
chksum 0x07
load 0x3ffe8850, len 9276, room 4 
tail 8
chksum 0xba
csum 0xba
??;?$?d?
ready
WIFI CONNECTED               <<--- auto-connect AGAIN ?!
WIFI GOT IP
AT+CIPSTATUSSTATUS:2

OK
AT+CWQAP
OK
WIFI DISCONNECT

can anyone comment if this is some kind of security risk ?

ESP8266proger.jpg

did you read the docs? see the AT+CWAUTOCONN command

Juraj:
did you read the docs? see the AT+CWAUTOCONN command

oh wow - i haven't seen that command in the docs that i've read.

wasn't in the "ESP8266ATCommandsSet" - although that did seem to be more of a summary page than an extensive list.

BabyGeezer:
oh wow - i haven't seen that command in the docs that i've read.

wasn't in the "ESP8266ATCommandsSet" - although that did seem to be more of a summary page than an extensive list.

always go to the best source of information. the manifacture's site if it is available. the wild times where little information was available are past for the esp products

ahh okay - thanks, 68 pages !

will have to search the documentation about those "parameters saved in flash".

would you say that is a security risk having the SSID & PWD saved on the flash ?

someone could access it, couldn't they ?

BabyGeezer:
ahh okay - thanks, 68 pages !

will have to search the documentation about those "parameters saved in flash".

would you say that is a security risk having the SSID & PWD saved on the flash ?

someone could access it, couldn't they ?

the esp8266 SDK is propietary closed source code of the Chinese company Espressif.
how confidental are your SSID and password?

Juraj:
the esp8266 SDK is propietary closed source code of the Chinese company Espressif.

i see - we can't really know then.

Juraj:
how confidental are your SSID and password?

not life-threateningly crucial - but "better safe than sorry" - it's more about the principle that i'm trying to learn, and so thanks for confirming my guess/assumption.