Linksys login page security issue?

Discussion in 'General Discussion' started by Searcher61, Apr 1, 2008.

  1. Searcher61

    Searcher61 Network Guru Member

    I had been using tomato or alt. firmware for a long time, until my wrt54g died... and I ended up with a wrt300N router. That was not the worst of it...

    Am I the only one that thinks having the type and model of the router on the admin login page is a security problem? I called Linksys and they said its only a problem if you don't change your password. I said if there is an exploit for a certain model of router and people can tell you are running that model...I call that a concern.

    Please see the attachment to see what I mean.

    Anyone else?

    Attached Files:

  2. Searcher61

    Searcher61 Network Guru Member

    Wow...noone else sees this as a security concern?....hmmmm.
  3. HennieM

    HennieM Network Guru Member

    Basic web authentication is insecure. That's it. If somebody can intercept authentication done using Basic Authentication, it's exteremely trivial to decode both the username and password. Knowing the router model does not really make it worse, as routers, even from different manufacturers, tend to use the same username and similar internal workings. Most routers show the manufacturer and/or model in authentication, while others, such as Cisco, use other identifyable phrases in authentication.

    What Linksys is driving at, is that the default passwords for all manufacturers/models are known, so if you don't change it, you leave a gaping hole that even the uninformed computer illiterate can use.

    If the WRT300/600 allows you to switch to https instead of http, that would lower the security concern by 90% or more. You can also change the (WAN side) port from port 80 to something else - that throws off most half-jacked attempts.
  4. heidnerd

    heidnerd LI Guru Member

    An attacker can also determine the fingerprint of the firewall and routers by many different methods. If they have wireshark (packet sniffer) they could easily look at the packets and make a pretty good guess by simply looking at the mac address -- unless it was modified by the person setting up the router. Experience hackers can also collect and build pretty good collections of what packets during pings and other connection attempts will look like.

    Beside using the login web banner, they can also simply connect to the device on port 80 and pick up a good hit that way -- for example:

    using telnet..

    ">open 80

    DD-WRT v23 SP2 std (c) 2006 NewMedia-NET GmbH
    Release: 09/15/06 (SVN revision: 3932)

    redwood login:"

    These are of course only visible from inside the LAN - and hopefully you have some element of trust with those inside your perimeter. If not - then you have far bigger problems than the login banner finger print.

    In any case - the best method to protect the routers is to change the password, change it frequently. Also if possible change the "admin" account to some other name ... like "bark" that would then make the hacker guess both the administrative account and the password.

    Of course you should also disable the remote management (management from the WAN side)...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice