April 29th, 2012, 12:57 PM
claykin
Join Date: Mar 2009
Posts: 72
Netgear still not thinking security is important

Two things I immediately notice Netgear does wrong that should be improved in this and all affected models currently being sold.

1) HTTPS login to router does not work. Not using "routerlogin.net" domain or via LAN IP. HTTPS should be an option at the very least. Ideally, ability to also disable HTTP login. HTTPS is a no-brainer in modern hardware. There's no cost to doing this right except a little better programming on the part of the firmware engineers. Yes, even a local untrusted SSL certificate is better than HTTP. Reason: HTTP passwords are sent plain text. Meaning they can be easily revealed by anyone using Wireshark or the like. Also, anyone who allows remote management using HTTP is at risk.

2) Why are wifi passwords listed in plain text when logged into admin GUI? I know the answer is because the average consumer forgets them and allowing them to easily see these passwords in the interface resolves support calls quickly. Great, but poor security especially with these new GUI models that plainly scroll the wifi passwords across the main screens. At the very least show the password as stars (not readable using typical tools such as NIRSOFT Asterisk revealer) and if the user wants to see their wifi password make them type in the router admin password again. This way if I have someone looking over my shoulder while administering one of these units I can not worry about easily revealing the wifi passwords.

I hope someone from Netgear looks here and takes this into consideration. I shouldn't need to purchase a commercial AP for every SOHO or SMB that has more basic wifi needs.
May 16th, 2012, 04:43 AM
wombatch
Junior Member
Join Date: May 2012
Posts: 1
Re: Netgear still not thinking security is important

Hi, I was just looking to see where I could post (in the hope that Netgear would do something about it) the issue with the password in clear text on the GUI! I can't understand how that can not be an issue, log on to the GUI and the first thing you get is a screen with the SSIDs and passwords. It really needs to be sorted out.
I have some other concerns too..
I can't tell from the GUI whether a wireless client is connected to the base wireless zone or the guest zone. I don't care too much about the guest zone but I need to know if someone gets onto the base.. but.. no way to tell??
I would like to set up some blocking rules etc in the router, ok fine I can do that, but it seems I need to have the IP address of the clients? So, I have DHCP and then I need to fix all the client IP addresses so that I can define rules for them?
I agree with your comment, there is not much thought of security (but the firewall does seem to work ;-) )
Like you I hope Netgear sees this and decides to fix some of these issues that kind of mess up what seems otherwise to be a good product.

All times are GMT -8.