JollyRoger8X
Mar 23, 2021 Guide
Admin password is prominently displayed on the start page by default
This seems like a really bad idea, guys: The administration password is always displayed in plain text by default when you log into the administration interface. Questions: 1. Is there a ...
vajim
Mar 23, 2021 Master
App or PC login?
If PC login, which browser?
JollyRoger8X
Mar 23, 2021 Guide
Not sure why the screenshot image I added to my post didn't show up, since the post preview showed it just fine. But you can see the screenshot here instead:
https://i.imgur.com/n3HFHuz.png
The password is displayed in plain text on the front administration page in all web browsers I have tried.
Passwords should never be displayed on web pages in plain text if you care about security - especially immediately upon login. This is considered a bad security practice in general.
My questions are:
1. Is there a way to disable this behavior?
2. If not, how do I officially request that this be disabled (made optional and OFF by default) in future firmware updates?
- vajim Mar 23, 2021 Master
What model Orbi do you have?
- JollyRoger8X Mar 23, 2021 Guide
It's the CBR750.
Firmware is up to date (currently at V3.2.16.18_1.4.8).
- vajim Mar 23, 2021 Master
You may want to post your questions here:
https://community.netgear.com/t5/Orbi-AX/bd-p/en-home-orbi-ax
- CrimpOn Mar 23, 2021 Guru
JollyRoger8X wrote:
1. Is there a way to disable this behavior?
No. There is not.
2. If not, how do I officially request that this be disabled (made optional and OFF by default) in future firmware updates?
You can post a suggestion on the Netgear Idea Exchange:
https://community.netgear.com/t5/Idea-Exchange-For-Home/idb-p/idea-exchange-for-home
One might imagine that the assumption is that this Orbi is not in a public space where some stranger can look over your shoulder and observe the WiFi password. If the WiFi password must be kept secret from people living in the house, then do not open the admin home page when someone can see the screen.
Considering the major issues that Netgear should be assigning engineers to fix, this is not likely to rise to the top any time soon.
- CrimpOn Mar 23, 2021 Guru
P.S. One of the frustrating features of the Netgear community forums is that in-line images created by using the "Photos" icon do not appear to other users until approved by a forum moderator. Images attached using the "Browse" button (lower left) are available immediately.
I find it really tedious and wish they would either (a) allow in-line images, or (b) just take away the Photos icon.
- JollyRoger8X Mar 23, 2021 Guide
CrimpOn wrote:
JollyRoger8X wrote:
1. Is there a way to disable this behavior?
No. There is not.
2. If not, how do I officially request that this be disabled (made optional and OFF by default) in future firmware updates?
You can post a suggestion on the Netgear Idea Exchange:
https://community.netgear.com/t5/Idea-Exchange-For-Home/idb-p/idea-exchange-for-home
One might imagine that the assumption is that this Orbi is not in a public space where some stranger can look over your shoulder and observe the WiFi password. If the WiFi password must be kept secret from people living in the house, then do not open the admin home page when someone can see the screen.
Considering the major issues that Netgear should be assigning engineers to fix, this is not likely to rise to the top any time soon.
The fact is, displaying an administration password in plain text by default after login is indeed a bad security practice and should be rectified. Any organization that is security conscious should immediately see the importance of this.
If this is an indication of the security best practices being followed (or more to the point NOT being followed) by the Netgear development team, then anyone who is security conscious should be rightfully concerned.
Thanks for the link to the Netgear Idea Exchange. I truly hope they will treat it with the urgency it deserves.
- FURRYe38 Mar 24, 2021 Guru
Just so you know, this is seen across ALL NG router products and may be intended by NG by design. Not sure if this would be considered something critical, as you have to be logged into the Basic web page to see it, and it is a convenience item, it seems. It's been like this for years on most of their router lines. And if others are looking over your shoulder while you're in the web page, then maybe you should be monitoring who is behind you first.
Good Luck though.