busyba
Jun 05, 2022 Initiate
RBR850 Web User Interface no longer requires a password to access
For a long time, when I tried to connect to my Orbi RBR850 web user interface from my browser, I was getting an "unable to connect" error, which I believe was a very common problem for a while. I...
busyba
Jun 05, 2022 Initiate
I think I have a vague idea of what is going on.
So first off, clearing cache and cookies did not do anything.
I tried with the Edge browser (my main browser is Chrome), and that did work correctly: was prompted for login. And after clicking logout and trying again, was prompted for login again.
I realized that I have Google Sync turned on in my Chrome environment. So I opened a new browser window under a guest profile and this time I was correctly prompted for login, and clicking logout also worked correctly, forcing me to need to log in again.
So I'm guessing that there is something with Google Sync that is somehow over-aggressively preserving my credentials (it isn't a "saved passwords" thing, I do not save passwords in the browser or in Google Sync; I have a separate password manager for that, and that one isn't even capable of detecting the login modal that the Orbi UI uses instead of a login webpage anyway).
It's extremely odd and slightly troubling, but at least I'm confident that it's not a gaping hole; it's not like anyone from the outside, or even on my network, will be let through into the router UI; it seems that only a browser that is logged into my personal Google Sync account is going to be able to get in; and that's at least as secure as (if not more than) the login for the UI.
EDIT TO ADD: My firmware is V4.6.8.2_2.1.9, in case that matters.
FURRYe38
Jun 05, 2022 Guru - Experienced User
Some browsers may have some automation in this to "more conveniently" allow users to log into different sites and deal with logins. I would not think it is a security hole, rather a possible browser feature that with Google seems to work as intended for their browser. Whether or not NG wants to try to prevent this or disallow this would be up to them. I don't use Google for certain reasons. All that is a Google feature and they would be the ones to check into this. I presume this may be handling other sites similarly as well.
I use MS Edge, Firefox and Opera, which have a Chrome engine, however they don't have the same features as Google's. They all allow me to save the login information, if I choose to, however each time I hit ANY router's web page, the login pops up.