spall Posted July 8, 2010 Share Posted July 8, 2010 In general, is the password for the web interface of a home router sent from the client to the device in plaintext? Quote Link to comment Share on other sites More sharing options...
DaBeach Posted July 8, 2010 Share Posted July 8, 2010 In general, is the password for the web interface of a home router sent from the client to the device in plaintext? I would say yes. I have recently found that (for example) my last Netgear FVS338 had the ability to log on via HTTPS but I did not know this. If it is HTTP I it most likely be transmitted on your LAN in clear text. Quote Link to comment Share on other sites More sharing options...
Charles Posted July 8, 2010 Share Posted July 8, 2010 Most of the routers I've worked with (except really old ones) can use https instead of http for the web interface. If you are worried about the password being sent in cleartext, just use https. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 9, 2010 Share Posted July 9, 2010 In general, is the password for the web interface of a home router sent from the client to the device in plaintext? HTTP itself does not encrypt any traffic, so anything sent through HTTP will be in cleartext. Use HTTPS if you want your traffic encrypted. Quote Link to comment Share on other sites More sharing options...
3w`Sparky Posted July 9, 2010 Share Posted July 9, 2010 if your wifi is secure then what will it matter ! well unless your managing across the internet of course Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 10, 2010 Share Posted July 10, 2010 if your wifi is secure then what will it matter ! well unless your managing across the internet of course What if you are sharing your internet connection with your neighbor and he decides to snoop around your network using wireshark. Or what if its someone else across the street who managed to crack your wireless key? So I think it makes perfect sense to encrypt stuff on your network. Quote Link to comment Share on other sites More sharing options...
Charles Posted July 10, 2010 Share Posted July 10, 2010 If you were sharing wifi you might as well set up HTTPS. Having it set to http doesn't mean that someone with wireshark can find the password, since you have to be between the host and the router to capture packets. Or at least that's what I thought (unless it's wireless), so correct me if I am wrong. :) Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 10, 2010 Share Posted July 10, 2010 (edited) If you were sharing wifi you might as well set up HTTPS. Having it set to http doesn't mean that someone with wireshark can find the password, since you have to be between the host and the router to capture packets. Or at least that's what I thought (unless it's wireless), so correct me if I am wrong. :) Unless the person is performing some arp poisoning than its possible to sniff the password with wireshark. If not than you are correct, didn't think about that one. Edited July 10, 2010 by Infiltrator Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.