NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
readycloud.netgear.com redirects to not using HTTPS this is a giant security problem
Whenever you go to login to https://readycloud.netgear.com it then redirects to a non-SSL site. It is obvious this is a giant security hole which renders readycloud useless, if not out right dangero...
There has been some talk about this subject like as follows:
There is a more formal document that I will check to see where it is located to post into this thread.
We do see the security concerns that you and others have voiced. There are some measures that we have put into place to make sure that the critical components are encrypted (Password and WAN data transfers). In the process of improving the LAN data transfers we had encountered some limitations that brings us to the current state of ReadyCLOUD.
An example:
Login to the site and then exit your browser. Then go back to http://readycloud.netgear.com/client/en/welcome.html.
Click on "Sign In" and you will be taken directly to your nas page, i.e. here: http://readycloud.netgear.com/client/index.html#page=access
From there select your username, settings, and then password. No SSL. There is a lot of fail going on there. If you work your way to your NAS you can find "Manage" buttons which will redirect you back to your local NAS, that part is all good. You can though do an awful lot without taking that step.
The man in the middle attack, and the multiple forms in which it could be exploited, should be plainly obvious.Let me leave it at that.
I really like my ReadyNas(*) so please frame the above critisism with that in mind.
- Brian
*) All three Readynas, of which all three continue to spin up disks.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
