D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: kiki64 on January 03, 2010, 11:24:08 PM
-
My software version is 1.32NA which is the newest one.
Conditions: Must some how be connected to router and guest password password blank.
(Not sure if software cd sets password for guest or not didn't use)
I was exploring my router setup but I didn't have the router password on my laptop so I logged in under the "user" account which I never put a password on. I have never been in this account so I looked under most of the pages. When I clicked on [Setup > Wireless Settings > Manual Wireless Network Setup] I was surprised that my WPA-2 key had circles filled in unlike the admin and user passwords at [Tools > Admin]. I viewed the source and scrolled down to that part of the web page and found that my wireless password was indeed there in plain text since it is the source.
I understand that the person has to have access to the router to get to the the user interface but I don't think the password should be in the source under the user account if the router passwords aren't there. Please change this.
Solutions: Password protect the user account.
I will not likely come back to reply I just hope this might be in a future update.
-
If someone was able to login to your router's homepage, they would already be on your network, and therefore already know the password. Right?
-
Not true. For example:
Here in Sweden we have stupid laws against downloading "Copyrighted" software and music and such, but you can circumvent this by making the guest-zone an unprotected network so that it "Could have been anyone" in case the lobbyists like MPAA or something knocks on your door...
So.. I might want people to be able to access my network without the ability for them to mess with my router settings.
-
Not true. For example:
Here in Sweden we have stupid laws against downloading "Copyrighted" software and music and such, but you can circumvent this by making the guest-zone an unprotected network so that it "Could have been anyone" in case the lobbyists like MPAA or something knocks on your door...
So.. I might want people to be able to access my network without the ability for them to mess with my router settings.
I don't know Swedish law, but according to dutch law this does not provide legal coverage for downloading illegal content. And if so, you will have a hard time proving this.
-
Not really.. We have a law called IPRED something something.. meaning pretty much anyone (In reality only the copyright mafia) can acquire the owner behind an IP simply by claiming that their "Rights" have been violated. However, it is still up to them proving that you in person did it. You are not automatically helt guilty for what is going on on your connection. Especially not if you have no logs and "know nothing about routers and such fancy things"...
In fact, even if you change the SSID to "Up yours MPAA" that in itself doesn't mean they can prove anything.. They will probably be inclined to look closer, but that's a different story..
Laws and such aside though.. I'm just trying to say that there might be a valid reason for wanting people on your network without wishing for them to have access to your router settings. Passwords should never be displayed in clear text no matter what.
-
So.. I might want people to be able to access my network without the ability for them to mess with my router settings.
I think you misread what the OP wrote.
Was logged in under the user account which can not change any setting of the router. Only the admin account can and a user can not see the admin password even if they "view source" as it will be blank. This is why you use different passwords for user and admin. ;)
-
I read "unlike the admin and user passwords".. And he was also addressing the issue that the user has no password by default I think.
-
I read "unlike the admin and user passwords".. And he was also addressing the issue that the user has no password by default I think.
I was exploring my router setup but I didn't have the router password on my laptop so I logged in under the "user" account which I never put a password on.
One of the first things you do to secure your network is add or change passwords for accounts, wireless from default.
-
Yes of course, but that is if you know stuff. A majority of the users who buy routers just plug them in and hope it works. So anyone who know their stuff can log in with the "user" account and see the passwords.
Like I said.. a password should NEVER be displayed in plain text ever.
The guide for dumb people prompts you to set up a password and such, yes.. but you CAN skip it..
There is no benefit to displaying a password in clear text.. just poor coding and a potential security risk.
-
Yes of course, but that is if you know stuff. A majority of the users who buy routers just plug them in and hope it works. So anyone who know their stuff can log in with the "user" account and see the passwords.
Like I said.. a password should NEVER be displayed in plain text ever.
The guide for dumb people prompts you to set up a password and such, yes.. but you CAN skip it..
There is no benefit to displaying a password in clear text.. just poor coding and a potential security risk.
Well a lot of apps have passwords in plain text now even Filezilla. No one except people on your network could see the password and what does it matter as they can not change it. As long as the admin password is safe then no one can change anything in the router. User can not see admin like I posted before.
Also, it is the task of the operating system to secure files on a PC not a router and a web browser is a file last time I looked.
-
Well a lot of apps have passwords in plain text now even Filezilla. No one except people on your network could see the password and what does it matter as they can not change it. As long as the admin password is safe then no one can change anything in the router. User can not see admin like I posted before.
Also, it is the task of the operating system to secure files on a PC not a router and a web browser is a file last time I looked.
I am confused by your statement. Isn't the router password and config information stored in the router's PROM? If so, then how would the OS secure the information at a file level?
-
You can't see the info unless you view source of the setup pages in a web browser.
Last I knew of web browsers are all files that run on an OS.
-
You can't see the info unless you view source of the setup pages in a web browser.
Last I knew of web browsers are all files that run on an OS.
I understand that, but the browser is displaying what it is supposed to display, and it is accessible by any user on the system, unless it is locked down. Which, in most environments is not feasible.
IMO, for the people that this router is marketed to, the password should be encrypted. If it isn't, then the advice of setting two different passwords, for user and admin, should be followed, and made clear to the end user.
-
If there are passwords for user and admin then not anyone can see the info as they would need to log into the router setup pages.
Also, a "user" who has logged in can not see the admin password which you would need to change any setting of the router.
The setup pages blank out the admin password if it is a user logged in even without a password for the user account.
Bottom line is make sure you have a good admin password and then you can worry about more important things in life.