1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

ASUS F/W and 50702 OpenVPN passwords are "-"

Discussion in 'ASUSWRT - Official' started by Don Vrooman, Aug 14, 2018.

  1. Don Vrooman

    Don Vrooman New Around Here

    Aug 14, 2018
    I have a number of ASUS routers I have updated to firmware versions or 50702 - these are typically older routers like the single core AC66U/R, N66U/R, AC1750, etc. With the these two firmware versions, the OpenVPN passwords are hidden in the Username/Password table, and a "-" appears in the Password column for all entries.

    Of concern: after running for a number of weeks, and then entering a new client username and password, all passwords except for admin and the newest one entered actually become "-" (a dash). This renders the VPN insecure, and could probably become one of those Shodan searches that would make this vulnerability broadly available.

    When reported to ASUS, they assured me they could not replicate the problem.

    Happens without regard to the kind of connection: TCP/UDP, Tun/Tap, etc., and without regard to the client (OpenVPN, OpenVPN Connect, Viscosity, Tunnelblick, etc.) or client OS (iOS, Win 7/10, Android, macOS).

    Anyone share this experience?


    A hard reboot "fixes" the problem, so after adding, changing, or deleting usernames or passwords, power the device off and after a short wait, back on.
    Last edited: Aug 14, 2018