Reply

Re: orbilogin.com not https

BN-CA
Follower

orbilogin.com not https

Why isn't orbilogin.com secured (https)?  1password notifies me that my password will be sent unencrypted. This does not make sense to have the admin website unsecured.  Please explain.

Model: RBK53| Orbi Router + 2 Satellites Orbi WiFi System
Message 1 of 5
DarrenM
NETGEAR Moderator

Re: orbilogin.com not https

This is a local connection and can only be accessed by devices on the local network this does not go out to the internet.

 

DarrenM

Message 2 of 5
ewolk
Tutor

Re: orbilogin.com not https

Local network or not, this should be required to go over HTTPS.  Even more so now that Google Chrome is marking non-https sites as insecure.  No network should be considered safe enough to send credentials over plain text.  Ever.  The fact that they support HTTPS when enabling remote access but omit it for local is just lazy.  It tells us that the built-in server supports it but never added the option for local.

 

Netgear:  when will this be enabled for local access?  This is such a big oversight.  Even the cheapest routers support it these days.

Message 3 of 5
Jeremyinsf
Apprentice

Re: orbilogin.com not https

Agreed this should be HTTPS - this is 2018.  "It doesn't go out to the Internet" doesn't really matter.  What if there is a security issue on the inside of the network?  

 

Saying it doesn't go out is like saying it's OK for me to have a written list of passwords - as long as I keep it *under* the keyboard.

Message 4 of 5
Tadmuck
Initiate

Re: orbilogin.com not https

@DarrenM, Yes, local networks have historically been considered secure, and they are commonly considered secure by many vendors, but one effect of the "IoT" revolution is that they must never (ever) be considered secure today. Home WiFi systems are notoriously vulnerable to the "drive by hacker in a van", and it's always been possible that some device you bought had been hacked, but now it far far worse. Some smart switches are hackable, so they can be returned to the store so the next owner's network can be exploited, but on a larger scale, if someone manages to hack into a smart switch vendor's site, then everyone who has one of those switches on their network becomes vulnerable.

 

Yes, there are ways to tighten security around each attack vector, but the local network should never be considered secure today.

Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 3299 views
  • 9 kudos
  • 5 in conversation
Announcements