NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

kalpitaru's avatar
kalpitaru
Follower
Dec 06, 2022

Nighthawk Plain Text Security Question Answers

Today I was working on a Netgear Nighthawk wireless router. I pulled a backup of the router before upgrading the firmware. I found that while the admin password was encrypted, the security question answers were listed in plain text. Just wanted to put that out there since this seems like an oversight on Netgears part.

Features

2 Replies

  • plemans's avatar
    plemans
    Guru - Experienced User
    Dec 06, 2022

    Probably not a good thing. 

    KevinLiT 

     

    but you'd also have to be logged in and already know the password to pull the backup. (still not a good thing)

    • michaelkenward's avatar
      michaelkenward
      Guru - Experienced User
      Dec 06, 2022
      plemans wrote:

      Probably not a good thing. 

      KevinLiT 

       

      but you'd also have to be logged in and already know the password to pull the backup. (still not a good thing)

      And something reported here several times over the years.

       

      But it does fall into one of those "paranoia runs deep" issues.

       

      It sits alongside the long running demand that the login use https rather than http, which misses the fact that login is a local network thing. So not something that Chinese intelligence is likely to try.

       

      In the end, Netgear did implement the https option. This then broke things for many people by blocking access to various features.