NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
readycloud.netgear.com redirects to not using HTTPS this is a giant security problem
Whenever you go to login to https://readycloud.netgear.com it then redirects to a non-SSL site. It is obvious this is a giant security hole which renders readycloud useless, if not out right dangero...
kohdee wrote:
The front-end is initially HTTP to be compatible with routers, from my understanding, but all communication takes place over SSL below that. Only the very top of the window is HTTP (the header), and the rest of the page is HTTPS.
The problem here is that everyone is taught that HTTP is insecure. With good reason of course.
Anyway, I think HTTPS at the top layer should work fine these days.
I am sorry, but ReadyCloud site is not secure at all.
Taking a second look at this, it stands out pretty quickly.
Open up the access page and note that you have Javascript loading from your readycloud site that can be used to interact with the rest of the content on the page.
You have a major problem.
Whomever put the page together didn't get the Google Analytics code right either. Look at how the Javascript is being loaded.
For more background, here is an article by the nice folks at Mozilla who go into the problem with mixed content sites:
https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
