14
j0n4s
3y

Why the fuck do people not change their router admin password!? I was at a hotel today and could access their router admin interface with the default credentials. I guess this isn't purely the fault of the hotel because not all people know a damn thing about security and only use the interface to change the SSID and password of the AP. But why allow them to leave the default password? Why isn't this a standard feature to be forced to change the password :|

Comments
  • 5
    @Demolishun please Tim don't shoot me i will change it to something more secure!

    Changes it to "password" :)
  • 3
    Your router has a password?
    Wait, you can change the password?

    The last router my ISP gave me didn't have a login screen at all 🤷‍♂️

    I blame the shitty ISPs more then uneducated users.
  • 4
    A good router should have a default password that's random (not derived from the MAC and certainly not a single global default). Afaik AVM uses a dictionary word + a few digits, which combined with a lockout to prevent brute forcing is "good enough".
    Of course if you're a business running a public access point you should either know what you're doing or pay a professional that does. Especially if it's a larger setup like in a hotel.

    In conclusion: I blame both!
  • 2
    I changed it to "password". Should be set for life. Thanks jonas
  • 0
    @saucyatom "lockout to prevent bruteforcing"

    Inb4 cycling and randomizing your mac address.

    Or simply copying one that's already authenticated.
  • 1
    @Wisecrack I haven't tried but it might be a global CD, which turns your brute forcing into a denial of service attack.
  • 1
    @C0D4 that's more a Ethernet bridge than a router
  • 0
    My admin password is the default one. However everything (web/telnet/ssh/ftp) is inaccessible from wi-fi and 8 of the 10 ports.
  • 0
    @hjk101 oh no. It was a router, it was still configurable at 192.168.X.1 it was just a login-less ui.
Add Comment