dorindon (Guide)
Jun 14, 2017
major security problem: new Orbi RBK50 router + wireless : SSID does not ask for login or password
Hello,
Just bought new Orbi RBK50 router + extender.
Login to orbilogin.net, system configuration no problem (which I am used to)
Setup SSID login and pass as well as Orbi login and pass.
Hit the ceiling when I saw that any device can freely access Internet simply by choosing SSID without entering login and password. Horrible security problem.
I updated the firmware, reset the orbi and problem persists.
In the meantime, I only allow access for approved devices, but this is a big pain and waste of time to manage.
Thank you very much for your time and help.
dorindon
Every time you connect to a new AP from one iOS or Mac device the password is stored in iCloud Keychain. This means ALL your iOS/Apple devices will connect automatically without entering a password, just as you described.
To prove this to yourself, do the following on your iOS device. Settings, Wi-Fi, click the little i in the circle next to your Orbi. Now click "Forget this Network".
Now, try to connect again. Your device will ask for the password this time.
12 Replies
- tomsliwowski (Apprentice)
Maybe I'm not quite understanding your issue but...what are you talking about?
For normal operation you just need the SSID and the password (hopefully WPA2-PSK) unless you disabled encryption. Once a client is connected it's free to access all the resources including going to the internet. The client won't have access to your router admin page without providing a username and password.
If you want to set up access controls you would do that in Advanced -> Security -> Access Control.
- dorindon (Guide)
Hello and thanks for taking time to consider my question.
You said: For normal operation you just need the SSID and the password (WPA2-PSK): yes, that is what I did, and I therefore expect any new device to ask for a password the first time I pick the Orbi SSID.
Just so there is no misunderstanding I am very familiar with computers (MAC), routers, etc. Just to let you know, my level is (usually) quite advanced.
The problem is the following: I went through the complete installation procedure as I have done many times in the past.
I also checked all the parameters: encryption on, NO guests allowed, etc.
I obviously configured the router so that the SSID requires a password (with letters and numbers for security purposes) and rechecked the configuration multiple times before posting in this forum.
The problem is the following:
- I take my iPhone, ➤ settings ➤ WiFi ➤ tap on the SSID ... and I log in AUTOMATICALLY without entering the password. I tested the browser and yes, I have full speed Internet via WiFi (not 4G). I am sure that it is the WiFi, if only for the fact that it is much faster than 4G.
- As a second step, I take my iPad which does not even have a SIM (WiFi access only). I go to settings, WiFi, click on the SSID (Orbi857) and presto I have full access again without entering a password.
I checked the configuration, reset the router, updated the firmware, etc., which did not solve the problem.
thanks again
dorindon
- rhester72 (Virtuoso)
If you replaced an old wifi setup that had the same SSID and password as the Orbi, your devices have it cached, which is why you aren't being prompted - clients can't tell what hardware they are talking to, only the (B)SSID.
I do strongly recommend WPA2-PSK only, as TKIP was broken some time ago.
Rodney