NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
On the WMDR4500v2, when you login, you go to the basic login page. Among the things displayed are the wireless passwords for any of the wireless networks you have active. I have been told by Netgear support that this behavior cannot be changed. I would like to suggest that this be changed for this router and any others that have this same "feature". Displaying the password in plain text is a HUGE security risk and can be observed by anyone near you when you login. One cannot plan the times one might to need to login and one might not be in a secure, isolated location away from prying eyes or cameras. I would like to see the passwords removed from displaying on this page, in fact they should not by default be displayed on any page in plain text.
8 Comments
c_of_c wrote:On the WMDR4500v2, when you login, you go to the basic login page. Among the things displayed are the wireless passwords for any of the wireless networks you have active.login and one might not be in a secure, isolated location away from prying eyes or cameras.
Interesting question.
Login with what?
The browser interface will certainly show the passwords. That's the idea really. The way to handle that is to use a secure password that means that people cannot login without that password.
Does the desktop genie show the wifi passwords automatically? Doesn't it also require a password? Similarly the Android app.
I ask these questions because some models seem to be better at hiding passwords than others.
If your concern is being caught on CCTV, you'll have to take special measures. Like not going to those pages in public.
Please read my post. on the router basic login page, the wi-fi passwords are displayed when you log into it. Anyone within viewing distance can see them. The issue is "not going to these pages in public", but NOT DISPLAYING THEM IN THE FIRST PLACE AUTOMATICALLY. Tell me what purpose does it serve to display wireless passwords on the first screen you see when you login? If I can choose to go to a page that has the passwords, that is fine. But I do not have a choice to aovid this page.
c_of_c wrote:On the WMDR4500v2, when you login, you go to the basic login page.
I did read your post. It just wasn't that clear. Various things can produce what you call a "basic login page".
You might want to investigate them, if you haven't already.
For example, the screen that comes up when you use the desktop genie (the Windows PC version at least), which Netgear likes people to use, says nothing about your wifi passwords. It has a "button" you can click to retrieve the passwords. But to use that you have to provide your login details.
Likewise the login page for the Android app, also known as the genie, is similarly tight lipped about wifi passwords.
I'm sure that Netgear will consider your suggestion, but in the meantime you have other ways or working with your hardware that do not exhibit this glaring security risk.
To be clear I am not the one calling it the basic login page. Have you ever seen the WNDR4500v2 router browser interface? It says "BASIC" right on it, and it is the page that appears after you login. I already started a thread about if this page could be modified or at least not be the default, and was told it was impossible and to submit it on the idea exchange.
I realize that their are alternatives, which I will check. Keep in mind that the browser interface is more "universal" as every platform has one, and not everyone may have a smart phone that supports the app (yes shocking but keep that in mind). For me in my environment it easier to have a browser with tabs for every device I need to manage instead of switching around among multiple apps. My suggestion is simply about the web interface. To me it just comes across as a dodge for not wanting to address a security exposure. It is like having an oil leak in ones car, and the manufacturer responding "well, just carry around extra oil cartons with you when you drive".
Basic there refers to the level of control that you have over the hardware. It is "basic" in the sense that it is not "advanced".
A better description of the thing you are talking about is the "browser interface", or even to the "basic tab on the browser interface". In that way there is no room for confusion.
If you want people to understand what you are saying, you might like to use that label as you continue your campaign to wake up Netgear to its sloppy approach to security.
Looking at the desktop genie alongside the browser genie interface, it is hard to see how one is better than the other. Many people prefer the desktop genie because it is easier to navigate and has a better Network Map. They dive into the browser interface only when they need to get at rarely changed features.
There are various things wrong with the desktop app, which also has a Mac version, but it is actually easier to use for some of the features that you might want to change on a regular basis. Oh, and it also removes the security risk of revealing passwords when you launch it.
Ditto for GUI for R7800 ... plain-text on splsash page is just poor security, regardless of having to login to the panel
Hi Everyone,
Thank you for submitting your idea on keeping the password from automatically showing up on the login page. This suggestion will be reviewed for consideration. :]
- Jason N
Thank you the response. My continued usage of Netgear will be reviewed for consideration. :smileywink:
