NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Passwords included as plaintext in syslog messages
Looking through my Splunk logs I notice that my WAX610 has started including the plaintext login password in syslog messages (below) This is software version 10.8.8.6. Looking through Splunk ...
Hi hc1ng
Thanks for bringing this to NETGEAR notice. This must be a bug. We will get this checked and addressed ASAP.
Thanks!
Pramendra
Thanks. Please update as soon as possible with plans for a fix. This is a serious security issue - even after the offending syslog messages stop being generated they will persist in the Splunk database for the data retention period.
Any update yet? Since this is not only a bug but a security issue ...
Hello hc1ng
If this has been raised to engineering team it's possible that it will be added to the next publish of firmware since this is a global issue. But publishing a new firmware normally takes time due to collating of bug fixes and will go through some sort of quality control before posting. I do not think also they will just give you a patch for your issue because again this is a global security issue.
Have a lovely day,
Erwin
Netgear Team
Hi
If this has been raised to the engineering team?
You mean you can't confirm that it has?
Well, since it's a global security issue it's reassuring to know that it's not just me but everyone that has to make do with an insecure access point while we wait for a fix.
I was under the impression these are business products where you'd think there was more focus on security. For the same money I can stock up on Ubiquiti access points. So guess where I'm off to now ...
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
