15
j0n4s
2y

Why the fuck do people not change their router admin password!? I was at a hotel today and could access their router admin interface with the default credentials. I guess this isn't purely the fault of the hotel because not all people know a damn thing about security and only use the interface to change the SSID and password of the AP. But why allow them to leave the default password? Why isn't this a standard feature to be forced to change the password :|

Comments
  • 8
    because when you force people to change the password, they forget it, and you will have to handle support calls explaining how to hard reset the device because the same kind of people is too stupid to read the fine manual.
  • 5
    This is agent Tim from the Federal Bureau of IT. We have found that you still have default credentials on your router. We are here to change that.
  • 6
    @Demolishun please Tim don't shoot me i will change it to something more secure!

    Changes it to "password" :)
  • 3
    Your router has a password?
    Wait, you can change the password?

    The last router my ISP gave me didn't have a login screen at all 🤷‍♂️

    I blame the shitty ISPs more then uneducated users.
  • 4
    A good router should have a default password that's random (not derived from the MAC and certainly not a single global default). Afaik AVM uses a dictionary word + a few digits, which combined with a lockout to prevent brute forcing is "good enough".
    Of course if you're a business running a public access point you should either know what you're doing or pay a professional that does. Especially if it's a larger setup like in a hotel.

    In conclusion: I blame both!
  • 2
    I changed it to "password". Should be set for life. Thanks jonas
  • 0
    @saucyatom "lockout to prevent bruteforcing"

    Inb4 cycling and randomizing your mac address.

    Or simply copying one that's already authenticated.
  • 1
    @Wisecrack I haven't tried but it might be a global CD, which turns your brute forcing into a denial of service attack.
  • 1
    @C0D4 that's more a Ethernet bridge than a router
  • 0
    My admin password is the default one. However everything (web/telnet/ssh/ftp) is inaccessible from wi-fi and 8 of the 10 ports.
  • 0
    @hjk101 oh no. It was a router, it was still configurable at 192.168.X.1 it was just a login-less ui.
Add Comment