
Passwords included as plaintext in syslog messages

hc1ng
Aspirant

Passwords included as plaintext in syslog messages

Looking through my Splunk logs I notice that my WAX610 has started including the plaintext login password in syslog messages (below)

Screenshot 2024-08-25 at 14.26.07.png

This is software version 10.8.8.6.

Looking through Splunk history for login events I can see that this changed around September 2023 (presumably a few software upgrades ago). Before then a login event looked like this:

Screenshot 2024-08-25 at 18.16.01.png

 

So I'm curious. Is this a bug or is including plaintext passwords in syslog messages consistent with Netgear's security policy and best practices?

 

Message 1 of 9
Pramendra
NETGEAR Expert

Re: Passwords included as plaintext in syslog messages

Hi @hc1ng

Thanks for bringing this to NETGEAR's notice. This must be a bug. We will get this checked and addressed ASAP.

 

Thanks!

Pramendra

Message 2 of 9
hc1ng
Aspirant

Re: Passwords included as plaintext in syslog messages

Thanks. Please update as soon as possible with plans for a fix. This is a serious security issue - even after the offending syslog messages stop being generated they will persist in the Splunk database for the data retention period.

Message 3 of 9
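The thread only shows the offending log lines as screenshots, so the exact WAX610 message format is not known here. As an added example (not code from the thread or from NETGEAR), the filter below shows the defensive step the original poster's point about Splunk retention implies: scan syslog lines for credential-looking key/value fields, redact them before they are indexed or forwarded, and report which already-stored lines need purging. The sample lines and the `password=` field layout are constructed assumptions, not the real firmware output.

```python
import re
import sys

# Constructed sample syslog lines; the field layout is an assumption,
# not the real WAX610 10.8.8.6 message format.
SAMPLE_LOGS = [
    '<134>Aug 25 14:26:07 WAX610 login: user admin password=Hunter2! from 192.0.2.10 result=success',
    '<134>Aug 25 14:26:09 WAX610 login: user admin from 192.0.2.10 result=success',
    '<134>Aug 25 14:27:00 WAX610 dhcp: lease 192.0.2.55 granted',
]

# Matches fields such as password=..., passwd: ..., pwd=..., secret=... (case-insensitive).
# Group 1 = key, group 2 = delimiter, group 3 = the value to redact.
CRED_RE = re.compile(r'(?i)\b(pass(?:word|wd|phrase)?|pwd|secret)(\s*[=:]\s*)(\S+)')


def redact_line(line):
    """Return (redacted_line, found): the line with credential values masked,
    and whether any credential field was present."""
    found = False

    def _mask(m):
        nonlocal found
        found = True
        return f"{m.group(1)}{m.group(2)}<REDACTED>"

    return CRED_RE.sub(_mask, line), found


def scan(lines):
    """Redact every line and return (redacted_lines, indices_of_lines_that_leaked).
    The indices are what you would use to purge already-indexed events."""
    redacted, hits = [], []
    for idx, line in enumerate(lines):
        out, found = redact_line(line)
        redacted.append(out)
        if found:
            hits.append(idx)
    return redacted, hits


if __name__ == "__main__":
    # Pipe real syslog through stdin, or fall back to the constructed sample.
    src = [l.rstrip("\n") for l in sys.stdin] if not sys.stdin.isatty() else SAMPLE_LOGS
    clean, leaked = scan(src)
    print("\n".join(clean))
    print(f"# {len(leaked)} line(s) contained a credential field: {leaked}", file=sys.stderr)
```

Run it in front of the collector (for example as a pre-processing step before forwarding to Splunk) so the plaintext never reaches the index, and use the reported indices to delete events already stored for the retention period.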
hc1ng
Aspirant

Re: Passwords included as plaintext in syslog messages

Any update yet? Since this is not only a bug but a security issue ...

Message 4 of 9
ErwinL
NETGEAR Moderator

Re: Passwords included as plaintext in syslog messages

Hello hc1ng

If this has been raised to the engineering team, it's possible that it will be added to the next firmware release, since this is a global issue. But publishing new firmware normally takes time due to the collating of bug fixes, and it will go through some sort of quality control before posting. I also do not think they will just give you a patch for your issue, because again this is a global security issue.

 

Have a lovely day,
Erwin
Netgear Team
 

Message 5 of 9
hc1ng
Aspirant

Re: Passwords included as plaintext in syslog messages

Hi

If this has been raised to the engineering team?

You mean you can't confirm that it has?

Well, since it's a global security issue it's reassuring to know that it's not just me but everyone that has to make do with an insecure access point while we wait for a fix.

I was under the impression these are business products where you'd think there was more focus on security. For the same money I can stock up on Ubiquiti access points. So guess where I'm off to now ...

Message 6 of 9
ErwinL
NETGEAR Moderator

Re: Passwords included as plaintext in syslog messages

Hello hc1ng

I suggest trying to contact our support team right away to verify this issue, and checking if engineering is able to provide a temporary fix for your issue.

 

Have a lovely day,
Erwin
Netgear Team

Message 7 of 9
ErwinL
NETGEAR Moderator

Re: Passwords included as plaintext in syslog messages

Hello @hc1ng 

 

Can you provide any update with regard to your issue? Were you able to get a solution to your issue?

 

Have a lovely day,
Erwin
Netgear Team

Message 8 of 9
ErwinL
NETGEAR Moderator

Re: Passwords included as plaintext in syslog messages

Hello @hc1ng

We have not received a response from you, and it appears that you may have moved to a different vendor. Please know that we value every experience as an opportunity to improve our services and better support our customers.

Thanks in advance!

Have a lovely day,
Erwin
Netgear Team
 

Message 9 of 9