Jump to content

Router Web If Password

spall

By spall
in Security

 Share

Recommended Posts

DaBeach Newbie

DaBeach

Posted
Posted
In general, is the password for the web interface of a home router sent from the client to the device in plaintext?

I would say yes. I have recently found that (for example) my last Netgear FVS338 had the ability to log on via HTTPS but I did not know this. If it is HTTP I it most likely be transmitted on your LAN in clear text.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted
In general, is the password for the web interface of a home router sent from the client to the device in plaintext?

HTTP itself does not encrypt any traffic, so anything sent through HTTP will be in cleartext. Use HTTPS if you want your traffic encrypted.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted
if your wifi is secure then what will it matter !

well unless your managing across the internet of course

What if you are sharing your internet connection with your neighbor and he decides to snoop around your network using wireshark.

Or what if its someone else across the street who managed to crack your wireless key? So I think it makes perfect sense to encrypt stuff on your network.

Link to comment
Share on other sites
Charles Newbie

Charles

Posted
Posted

If you were sharing wifi you might as well set up HTTPS.

Having it set to http doesn't mean that someone with wireshark can find the password, since you have to be between the host and the router to capture packets. Or at least that's what I thought (unless it's wireless), so correct me if I am wrong. :)

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted (edited)
If you were sharing wifi you might as well set up HTTPS.

Having it set to http doesn't mean that someone with wireshark can find the password, since you have to be between the host and the router to capture packets. Or at least that's what I thought (unless it's wireless), so correct me if I am wrong. :)

Unless the person is performing some arp poisoning than its possible to sniff the password with wireshark. If not than you are correct, didn't think about that one.

Edited by Infiltrator
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...