| Not at risk if you changed default password on router There is some risk for all those people who neglected to change their password from the default when installing their router at home.
But for anyone who had the brains to change their passwords, this is a a non-event.
--
My BLOG .. .. Internet News .. .. My Web Page |
|
 evilghostPremium
join:2003-11-22
Springville, AL
1 edit | said by fAcEtIOUs:There is some risk for all those people who neglected to change their password from the default when installing their router at home. But for anyone who had the brains to change their passwords, this is a a non-event. Routers vulnerable to CSRF are still exploitable IF the user has a trusted session with the configuration page and accesses a hostile site.
How many routers are using session versus cookies for verifying successful authentication? |
|
| said by evilghost 
Routers vulnerable to CSRF are still exploitable IF the user has a trusted session with the configuration page and accesses a hostile site.
How many routers are using session versus cookies for verifying successful authentication?
[/BQUOTE :Don't most routers automatically time out the session after a period of time? If I'm in my router, and I stay on the same page for a couple minutes, when I change pages I have to login again. |
|
| reply to fAcEtIOUs
said by fAcEtIOUs:There is some risk for all those people who neglected to change their password from the default when installing their router at home. But for anyone who had the brains to change their passwords, this is a a non-event. Yeah but then there are those who change the password then forget what they set it to. Or, they have their friend or kid do it for them and they don't remember what it was set to either. |
|
