Forum Discussion

Initiate

Oct 17, 2019

Solved

Why isn't ORBI Login Secure

I like the product but why is the browser login for Orbi insecure? (http://orbilogin.net/adv_index.htm). IF I change to HTPPS I get a different error. I don't use the phone app becasue I find t...

Troubleshooting

CrimpOn
Feb 14, 2020
willemdh wrote:

HTTPS is really important and should also be enabled inside the network. otherwise the password used when logging in, can easily be sniffed by bad actors..

Please add this feature asap...

Done!

It works already. The ugly thing, however, is that Netgear has totally messed up the SSL Certificate on the Orbi line, so modern browsers like Chrome will complain, "The Cert is bad. Don't go there! Oh, no. The sky is falling."

Try it for yourself: https://orbilogin.net. Just ignore the warnings and proceed to the Orbi Home Page. Works great!

https://community.netgear.com/t5/Orbi-Wi-Fi-5-AC-and-Orbi-with/Microsoft-Edge-and-now-Chrome-browsers-cannot-connect-to-router/td-p/2359675/jump-to/first-unread-message

willemdh

Initiate

Feb 14, 2020

HTTPS is really important and should also be enabled inside the network. otherwise the password used when logging in, can easily be sniffed by bad actors..

See https://www.guru99.com/wireshark-passwords-sniffer.html

Please add this feature asap...

CrimpOn

Guru - Experienced User

Feb 14, 2020

willemdh wrote:

HTTPS is really important and should also be enabled inside the network. otherwise the password used when logging in, can easily be sniffed by bad actors..

Please add this feature asap...

Done!

It works already. The ugly thing, however, is that Netgear has totally messed up the SSL Certificate on the Orbi line, so modern browsers like Chrome will complain, "The Cert is bad. Don't go there! Oh, no. The sky is falling."

Try it for yourself: https://orbilogin.net. Just ignore the warnings and proceed to the Orbi Home Page. Works great!

https://community.netgear.com/t5/Orbi-Wi-Fi-5-AC-and-Orbi-with/Microsoft-Edge-and-now-Chrome-browsers-cannot-connect-to-router/td-p/2359675/jump-to/first-unread-message

FURRYe38
Guru - Experienced User
Feb 14, 2020
Thought the Don't Go There thing was fixed in v2.5.1.8?
CrimpOn wrote:
willemdh wrote:
HTTPS is really important and should also be enabled inside the network. otherwise the password used when logging in, can easily be sniffed by bad actors..
Please add this feature asap...
Done!

It works already. The ugly thing, however, is that Netgear has totally messed up the SSL Certificate on the Orbi line, so modern browsers like Chrome will complain, "The Cert is bad. Don't go there! Oh, no. The sky is falling."

Try it for yourself: https://orbilogin.net. Just ignore the warnings and proceed to the Orbi Home Page. Works great!
CrimpOn
Guru - Experienced User
Feb 14, 2020
FURRYe38 wrote:
Thought the Don't Go There thing was fixed in v2.5.1.8?
Chrome and Opera both complained just now. (They didn't actually say, "The Sky is Falling!" I made that up.) The complain is still about the self-signed cert.

Edge says:
This site is not secure
This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.

Opera says:
Your connection is not private
This server could not prove that it is 192.168.1.1; its security certificate is from www.routerlogin.net. This may be caused by a misconfiguration or an attacker intercepting your connection.
NET::ERR_CERT_COMMON_NAME_INVALID