Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
because when you force people to change the password, they forget it, and you will have to handle support calls explaining how to hard reset the device because the same kind of people is too stupid to read the fine manual.
-
This is agent Tim from the Federal Bureau of IT. We have found that you still have default credentials on your router. We are here to change that.
-
j0n4s54343y@Demolishun please Tim don't shoot me i will change it to something more secure!
Changes it to "password" :) -
C0D4681383yYour router has a password?
Wait, you can change the password?
The last router my ISP gave me didn't have a login screen at all 🤷♂️
I blame the shitty ISPs more then uneducated users. -
A good router should have a default password that's random (not derived from the MAC and certainly not a single global default). Afaik AVM uses a dictionary word + a few digits, which combined with a lockout to prevent brute forcing is "good enough".
Of course if you're a business running a public access point you should either know what you're doing or pay a professional that does. Especially if it's a larger setup like in a hotel.
In conclusion: I blame both! -
@saucyatom "lockout to prevent bruteforcing"
Inb4 cycling and randomizing your mac address.
Or simply copying one that's already authenticated. -
@Wisecrack I haven't tried but it might be a global CD, which turns your brute forcing into a denial of service attack.
-
hjk10157313yMy admin password is the default one. However everything (web/telnet/ssh/ftp) is inaccessible from wi-fi and 8 of the 10 ports.
-
C0D4681383y@hjk101 oh no. It was a router, it was still configurable at 192.168.X.1 it was just a login-less ui.
Related Rants
Why the fuck do people not change their router admin password!? I was at a hotel today and could access their router admin interface with the default credentials. I guess this isn't purely the fault of the hotel because not all people know a damn thing about security and only use the interface to change the SSID and password of the AP. But why allow them to leave the default password? Why isn't this a standard feature to be forced to change the password :|
rant
security
aaaah