DSwit
Occasional Visitor
A comment at the end of this thread over at the ASUS forum concerned me. Are plain text passwords an issue with RMerlin firmware? Is it a problem with the ASUS firmware as well?
I'll quote post #14 as it has the text that concerned me.
TIA
--
> I think I figured it out! I'm running 3.0.0.4.374_257 and I'm still having this problem.
>
> I use a password generator that includes special characters i.e. ; ' " [ ] { } etc.
>
> After a few rounds of resets and digging into my browser's console I finally figured out that passwords containing " ' and ; characters can cause the problem.
>
> If you go to the system page (among others) and search for your password string in the source code of the page you'll see what I mean. Passwords are sent in plain text and certain characters within them can interrupt the scripts and cause the page to fail.
>
> This is terrible coding, I'm not sure how confident I can be in the security of the rest of the device.
>
> I would advise ASUS to do a proper investigation into input sanitation and security practices, and respond with an update to correct the problem.
--
Original post:
http://vip.asus.com/forum/view.aspx..._id=11&model=RT-N66U (VER.B1)&page=2&count=14
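
The failure the quoted post describes, reproduced as an added example that is not part of the original thread and is not ASUS or Asuswrt-Merlin code. It assumes the page writes the stored value straight into an inline script; the variable name `http_passwd`, the template and the sample values are constructed for illustration.

```javascript
// Naive rendering: the stored value is pasted between double quotes as-is,
// so a quote character inside it ends the string literal early.
function renderNaive(value) {
  return 'var http_passwd = "' + value + '";';
}

// Encoded rendering: JSON.stringify escapes quotes, backslashes and control
// characters; the extra replacements stop the literal from closing the
// surrounding <script> element or carrying raw line separators.
function renderEncoded(value) {
  const literal = JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return 'var http_passwd = ' + literal + ';';
}

// Parse and run the generated statement the way a browser would run the
// inline script. new Function is used here only on the constructed samples.
function evaluate(scriptText) {
  try {
    const run = new Function(scriptText + '\nreturn http_passwd;');
    return { ok: true, value: run() };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample built from the characters listed in the quoted post.
const sample = 'p;\'"[]{}w';

function demo() {
  return {
    naive: evaluate(renderNaive(sample)),     // script fails to parse
    encoded: evaluate(renderEncoded(sample)), // value round-trips intact
  };
}

console.log(demo());
```

Encoding only stops the value from breaking the script; the password is still present in the page source, which is the separate concern raised in the post.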