Ericnepean
New Around Here
I am currently using a Netgear Firewall FVS318N (FW 4.3.1-33), and I noticed that this "security" device actually includes the admin password in the clear in the configuration backup file. Thinking about this for a bit, this implies the router OS actually stores passwords in the clear - OSes that are designed with a good security model (e.g. Windows 7) only store password hashes so that a user or malware cannot simply read or copy the password file.
I checked config backup files for other devices I have or had to see how common this lackadaisical practice is. Turns out this is quite uncommon:
Cisco RV180 - password is encrypted or hashed
D-Link DIR 825 - password is not exposed
Thomson ST516 - password is not exposed
Netgear ReadyNAS 2000 - password is not exposed
QNAP TS419PII - password is not exposed
I am totally unimpressed with Netgear. I don't often use the term "lamer" but it seems wholly appropriate here.
I have also noticed in the latest firmware update (shellshock vulnerability) that Netgear has prevented the use of many common symbols in passwords: ! # $ ^ & * are all not permitted. I wonder what kind of SW limitation/design flaw this implies?
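Added example, not part of the original post: a small Python audit that flags secret-bearing fields in a configuration backup as cleartext or hashed, followed by the salted-hash storage the post contrasts it with. The `key = "value"` layout, the sample values and all function names are assumptions made for illustration; the FVS318N backup format is not shown in the post.

```python
import hashlib
import hmac
import os
import re

# Constructed sample backup in an assumed key = "value" layout.
# None of these values come from a real device; the $6$ string is a placeholder.
SAMPLE_BACKUP = '''
system.name = "office-fw"
users.admin.password = "Winter2014"
users.guest.password = "$6$Qx1bT0aa$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
snmp.community_secret = "0123456789abcdef0123456789abcdef"
'''

SECRET_KEY = re.compile(r"(pass(word|wd)?|secret|psk)", re.I)
LINE = re.compile(r'^\s*([\w.]+)\s*=\s*"(.*)"\s*$')
CRYPT = re.compile(r"^\$[0-9a-z]{1,2}\$[./A-Za-z0-9$]{20,}$")  # crypt(3)-style
HEX = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")

def classify(value):
    """Heuristic: does a stored secret look hashed, or is it readable as-is?"""
    if CRYPT.match(value):
        return "crypt-hash"
    if HEX.match(value):
        return "hex-digest"   # not cleartext, but may be unsalted
    return "cleartext"

def audit_backup(text):
    """Return (key, verdict) for every field whose name suggests a secret."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and SECRET_KEY.search(m.group(1)):
            findings.append((m.group(1), classify(m.group(2))))
    return findings

def hash_password(password, salt=None):
    """What should be stored instead: a random salt and a slow KDF output."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    for key, verdict in audit_backup(SAMPLE_BACKUP):
        print(f"{verdict:12} {key}")
```

The classification is a heuristic on the value's shape: a short all-hex password would be misread as a digest, so a "cleartext" verdict is the reliable signal.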