Tomato not secure? (no password prompts)

Discussion in 'Tomato Firmware' started by loumarjr, May 22, 2007.

  1. loumarjr

    loumarjr LI Guru Member

    Hi all,

    It seems that i dont have to ever put in my user name and password to login to tomato. I can just boot my computer and surf to and the the tomato overview screen comes up without any authentication. I tried rebooting computer and router and still the same problem. However, if i change the password in the tomato firmware, it asks me to authenticate, but only once. Then any computer on my lan can access the firmware.

    I tried upgrading to tomato v1.07 and have the same problem. i noticed that the logout option is gone on v1.07, also.

    I would like the firmware to ask for a user name and password every time i access it, just like the linksys firmware does. can anybody help??

    Thank you!!!!
  2. barkmann

    barkmann Network Guru Member

    sounds to me like your browser has decided to remember your user/pass without your knowledge. Not a very secure browser....

  3. loumarjr

    loumarjr LI Guru Member


    Browser is IE 7.0. But it is not the browser. if you cane over with your laptop and connected with my wireless lan, you could just type, and tomato firmware status screen would appear.

    It seems that if any computer initally types in a correct password, the firmware doesnt prompt again. Seems like tomato is auto loged on after the first correct attempt. Linksys firmware did not act like this.

    Besides this, tomato's change log for v1.07 contains:
    "Removed Logout option for IE7. No suitable work-around was found for BA."
    I dont know what they mean by that, but it seems they were having some sort of problem loging out too!

    My problem is anyone who jumps on my lan can possibly change my router settings.

    Is anyone having the same problem or situation?

  4. pharma

    pharma Network Guru Member

    No problems here - login screen appears every time using IE7! I'd suggest you re-flash the firmware and try a NVRAM clear (was not needed for me, but might help in your case).

  5. digitalgeek

    digitalgeek Network Guru Member

    Once you enter the password a session is active, if you surf to a webiste and return to the router no password is required. If you close your browser and reopen it you will be prompted again for you password.

    As well as stated above if you allow your brower to remember you password, it will never ask for it again (unless you change it.)
  6. affer

    affer LI Guru Member

    The problem must be with your browser or a password caching program on your system. Tomato prompts for a password, as expected for me. I believe that Tomato uses a session cookie, so if you close your browser, then you'd have to log in again. At a guess, IE is caching your password (or doing something funky with the cookie) on your PC. Why not give Firefox a test drive? The UI is the same as IE, but it's a lot more secure than IE, not to mention that the Tomato login works as expected with Firefox.
  7. loumarjr

    loumarjr LI Guru Member

    Thanks to all for all of your help. It seams that IE and Roboform was catching my password. I think it threw me off because it didnt work exactly like the linksys firmware. I think Tomato is a great product. I will even try firefox.

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice