NightHawk R7000p - Http uses an insecure authentication procedure

---

@CarlE_01 wrote:

I keep getting notifications from Lenovo and Bitdifender that my network "http uses an insecure authentication procedure" and tells me to update the software. I went checked for router updates and it says the router is up to date. Help, please. 

 

What firmware version do you have on the device?

A number is more useful than "the latest". (It may not be by the time people read this.) There can also be newer versions, or "hot fixes", that do not show up if you check for new firmware in the browser interface.

---

@CarlE_01 wrote:

 

**I ran bitdefender Home Security Scan and it traced the risk back to the router**

---

They would say that, wouldn't they. This would not be the first false alarm from that source.

Hardware Version: R7000P

Firmware Version: V1.3.1.64_10.1.36

Thanks for the help, I appreciate it.

About 2-3 months ago, when I bought the router, Lenovo & Bitdefender were not acting up like this. 

> I keep getting notifications [...]

   When you do what, exactly?  What's the whole, actual message?
Copy+paste is your friend.

> [...] from Lenovo and Bitdifender [...]

   "Lenovo"?  Really?

> [...] it traced the risk back to the router**

   What's the whole, actual message?  Copy+paste is your friend.

   It's common to get complaints from a web browser when you use the
router's management web site, because the browser is worried about your
sending some user credentials over an unencrypted/insecure link
("http://" instead of "https://").  The easy thing to do is ignore the
warning, and proceed.  Presumably, you're talking to your own gizmo on
your own LAN.  If someone can overlisten to that traffic, then you're
already in big trouble.  From your description, it's not clear what's
emitting these messages which are bothering you, or why.

Thanks for the feedback, hopefully I can clear it up.

Issue: Whenever I connect to my home network, I get a pop up from Lenovo security and Bitdefender that my network is unsecure and could have "malicious activity". The issue is recent, it just started happening like a week or two ago. I thought maybe it was the firmware and checked for updates, but it keeps showing that the NightHawk(AC2300, R7000P, V1.3.1.64) firmware is up to date. 

Whenever I connect to any other public wi-fi, I just get a warning that the wi-fi is unsecure, and I know thats to be expected because its public wi-fi.I just don't understand why I'm getting a warning on my home network for "malicious activity".

Hopefully you can see the screenshot, Bitdefender is suggesting I upgrade to the latest firmware, but acording to NetGear the router is up to date. 

My question then is, what could possibly be sparking up my anti-virus that there is malicious activity on my home-network? Also, the internet/wi-fi keeps dropping, but I've been looking around the forums here, and I think I found a solution for that. 

*I disabled the SSID, run a VPN, have an AV (bitdefender), and of course have a WPA2 password for the wi-fi.* 

> Http uses an insecure authentication procedure

   That seems to be a poor description of the actual "problem", namely
that your "Netgear router" uses HTTP (rather than HTTPS) to handle its
login authentication.  Which is the situation described previously.
("Http" doesn't "use" anything.  The router's management web site uses
HTTP for its login authentication page.)

   This seems to be a message from Bitdefender.  I know nothing about
"Lenovo security".

> [...] what could possibly be sparking up my anti-virus that there is
> malicious activity on my home-network? [...]

   Read it again.  It didn't detect any malicious activity; it detected
a (potential) vulnerability.  Namely, a malicious user who has already
gained access to your LAN could learn your routers "admin" username and
its associated password, and use them to fiddle with your router.  Which
is a threat only if a malicious user has _already_ gained access to your
LAN.

> [...] If someone can overlisten to that traffic, then you're
> already in big trouble. [...]

   Still true.  But it's not a way for anyone in the outside world to
break into anything (unless he's already broken into something else in
some other way).

> RISK  o HIGH

   Not how I'd assess it.  At worst, it's a secondary threat.

I assume that when home your network is configured as Private and not Public? If Private I am surprised at Bitdefender popping up as I run Bitdefender and have never seen that, both now and when I was running Netgear routers. 

Thank you all for your feedback/input. I'll try running other AV's to see if I get the same warnings, if all else fails, I'll just buy a new router until I can fix the current one. 

> [...] I'll try running other AV's to see if I get the same warnings,
> [...]

      "There's a zombie right behind you!"

      "No problem. If I use these new earplugs, then I won't have to
      listen to your worrying warnings."

> [...] if all else fails, [...]

   Define "fails".

> [...] I'll just buy a new router [...]

   If the new router also uses HTTP (rather than HTTPS) for its login
authentication, then I'd expect the same results.  Other products (from
other vendors?) may use HTTPS (from the LAN), which I'd expect to clear
these complaint(s).

> [...] until I can fix the current one.

   "fix the current one" how?  Netgear has been getting similar
complaints for a long time, so I wouldn't hold my breath waiting for
new/better firmware for your R7000P to resolve it.  (And then you'll
un-buy your "a new router"?)

   However, this "problem" is similar to a situation where the lock on
the front door of your home can be opened without a key
_from_the_inside_.  That is, someone who's inside your home can unlock
your front door without a key.  But he's already _inside_your_home_.

   Is a key-outside/key-inside door more secure than a
key-outside/knob-inside door?  Perhaps, but is it something about which
to set your hair on fire?  Your decision, of course.

---

@CarlE_01 wrote:

 

My question then is, what could possibly be sparking up my anti-virus that there is malicious activity on my home-network? 

You are barking up the wrong tree. The warning does not come up because there was malicious activity detected on your network. It comes up because Bitdefender looks at the gateway IP (your router IP) and tries to get an HTTP router login page to come up. If it is successful then it gives you the warning because the HTTP protocol is not secure. If the check for a HTTP login page fails or automatically redirects to HTTPS then it passes and no warning comes up. There is no malicious activity that triggers this. Bitdefender deliberately makes the warning look scary to convince you that it's doing something.

Having said that, there may be malicious activity on your network but it is not the cause of this warning and Bitdefender has not picked up this activity if there are no other messages.

---

@CarlE_01 wrote:

Thank you all for your feedback/input. I'll try running other AV's to see if I get the same warnings, if all else fails, I'll just buy a new router until I can fix the current one. 

 

 

---

You seem to miss the point. It isn't Lenovo other than that it the PC you are on, but BitDefender. Either there is a setting in it to avoid this you you just have to ignore it.

Different AV could fix it, but there was nothing really broke.

There are other routers that allow both HTTP and HTTPS, and getting one would also fix the 'non-problem'.

---

@CarlE_01 wrote:

 

My question then is, what could possibly be sparking up my anti-virus that there is malicious activity on my home-network?

It is called a "false alarm".

Entertain yourself for a few minutes. Look up the origin of the saying "cry wolf".

---

@CarlE_01 wrote:

Thank you all for your feedback/input. I'll try running other AV's to see if I get the same warnings, if all else fails, I'll just buy a new router until I can fix the current one. 

 

 

---

This really is not a router problem. The AV is getting more aggresive then maybe it should be, but you could perhaps purchase another vendors router with the same issue. Best to just say I know and move on. No need to be spending money on a solution that potentially could have the same issue.