• April 25, 2018, 04:42:04 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: securing 'user' account in 1.03b01  (Read 3214 times)

id2

  • Level 1 Member
  • *
  • Posts: 12
securing 'user' account in 1.03b01
« on: March 12, 2015, 07:50:27 AM »

What is a way to secure the account “user” – which is not password protected by default on 1.03b01?

anyone who types user, <no-password>, gets to see all the devices connected to the router and all the router configurations. even WiFi guest connecting to the router can see the setup and mac addresses & IP of other devices connected.

Logged
Cable:30Mb/15Mb > Motorola_SB6121 > pfsense_2.2_(Intel box) > DIR-855L

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44914
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: securing 'user' account in 1.03b01
« Reply #1 on: March 12, 2015, 07:53:10 AM »

Disable it. I think there is an option for this under Tools/Admin...
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

id2

  • Level 1 Member
  • *
  • Posts: 12
Re: securing 'user' account in 1.03b01
« Reply #2 on: March 12, 2015, 07:56:57 AM »

there is no option to disable it  :o
Logged
Cable:30Mb/15Mb > Motorola_SB6121 > pfsense_2.2_(Intel box) > DIR-855L

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44914
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: securing 'user' account in 1.03b01
« Reply #3 on: March 12, 2015, 07:58:43 AM »

Input a PW for the User account and don't give it out....
« Last Edit: March 12, 2015, 08:00:42 AM by FurryNutz »
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

id2

  • Level 1 Member
  • *
  • Posts: 12
Re: securing 'user' account in 1.03b01
« Reply #4 on: July 31, 2015, 05:48:02 AM »

Hello,

it has been a while. but I have discovered something interesting.

if i downgrade the dir-855l verA1 to the firmware 1.00 then I can secure the user account with a password, and when i update the firmware to 1.03 the user account is secured with the old password, but i have no ability to change it.

however, if i do not secure the user account with the password, and upgrade to latest version there is no way to change the password, and the user can be selected from dropdown and anyone can simply login with no password, view logs, see connected devices, IP's and MAC address, etc.,

this is a minor bug, but is quite a nuisance if you have guest WLAN.

also noticed that the WISH is not available in web interface and can only be reached via known web address.

as a personal note, run release 1.0 it is much better.
Logged
Cable:30Mb/15Mb > Motorola_SB6121 > pfsense_2.2_(Intel box) > DIR-855L

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44914
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: securing 'user' account in 1.03b01
« Reply #5 on: July 31, 2015, 07:08:46 AM »

Thanks for this information and feed back. I'll forward this to D-Link for review.

WISH have not been supported on this model router. Is it listed as a feature in the user manual?  ???
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

id2

  • Level 1 Member
  • *
  • Posts: 12
Re: securing 'user' account in 1.03b01
« Reply #6 on: August 03, 2015, 05:09:33 AM »

Thanks for the reply.

Just reviewed the manual ... I dont see the WISH in the manual, explains the missing WISH link in Advanced section.
<ftp://ftp2.dlink.com/PRODUCTS/DIR-855L/REVA/DIR-855L_MANUAL_1.00_EN.PDF>

And yet WISH it is configurable on the actual device. ???  ;)

Also another minor bug, if device is added to mydlink, followed by check system firmware, the device will download and install 1.02, yet 1.02 firmware is not on the dlink support page <http://support.dlink.com/ProductInfo.aspx?m=DIR-855L> for the product. The kicker is that you can then manually upgrade it to the 1.03b1...

Again for anyone reading this post, I would stick to 1.00 or 1.01
Logged
Cable:30Mb/15Mb > Motorola_SB6121 > pfsense_2.2_(Intel box) > DIR-855L

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 44914
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology
Re: securing 'user' account in 1.03b01
« Reply #7 on: August 03, 2015, 07:35:32 AM »

I presume the UI is a template of some sorts and can be configured as needed for different features. Some features maybe hidden for those model routers that don't support the actual feature. The UI template is probably a blanket Ui for several model routers. Even though the UI feature maybe there, doesn't mean the actual feature code is there.  ::)
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting