Author Topic: securing 'user' account in 1.03b01  (Read 11265 times)

id2

securing 'user' account in 1.03b01
« on: March 12, 2015, 07:50:27 AM »

What is a way to secure the account “user” – which is not password protected by default on 1.03b01?

Anyone who types user, <no-password>, gets to see all the devices connected to the router and all the router configurations. Even a WiFi guest connecting to the router can see the setup and the MAC addresses & IPs of other devices connected.

Cable:30Mb/15Mb > Motorola_SB6121 > pfsense_2.2_(Intel box) > DIR-855L

FurryNutz

  • D-Link Global Forum Moderator
Re: securing 'user' account in 1.03b01
« Reply #1 on: March 12, 2015, 07:53:10 AM »

Disable it. I think there is an option for this under Tools/Admin...
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

id2

Re: securing 'user' account in 1.03b01
« Reply #2 on: March 12, 2015, 07:56:57 AM »

There is no option to disable it  :o

FurryNutz

Re: securing 'user' account in 1.03b01
« Reply #3 on: March 12, 2015, 07:58:43 AM »

Input a PW for the User account and don't give it out....
« Last Edit: March 12, 2015, 08:00:42 AM by FurryNutz »

id2

Re: securing 'user' account in 1.03b01
« Reply #4 on: July 31, 2015, 05:48:02 AM »

Hello,

It has been a while, but I have discovered something interesting.

If I downgrade the DIR-855L verA1 to firmware 1.00, then I can secure the user account with a password, and when I update the firmware to 1.03 the user account is secured with the old password, but I have no ability to change it.

However, if I do not secure the user account with a password and upgrade to the latest version, there is no way to change the password, and the user can be selected from the dropdown and anyone can simply log in with no password, view logs, see connected devices, IPs and MAC addresses, etc.

This is a minor bug, but it is quite a nuisance if you have a guest WLAN.

I also noticed that WISH is not available in the web interface and can only be reached via a known web address.

As a personal note, run release 1.0; it is much better.

FurryNutz

Re: securing 'user' account in 1.03b01
« Reply #5 on: July 31, 2015, 07:08:46 AM »

Thanks for this information and feedback. I'll forward this to D-Link for review.

WISH has not been supported on this model router. Is it listed as a feature in the user manual?  ???

id2

Re: securing 'user' account in 1.03b01
« Reply #6 on: August 03, 2015, 05:09:33 AM »

Thanks for the reply.

Just reviewed the manual ... I don't see WISH in the manual, which explains the missing WISH link in the Advanced section.
<ftp://ftp2.dlink.com/PRODUCTS/DIR-855L/REVA/DIR-855L_MANUAL_1.00_EN.PDF>

And yet WISH is configurable on the actual device. ???  ;)

Also another minor bug: if the device is added to mydlink, followed by check system firmware, the device will download and install 1.02, yet the 1.02 firmware is not on the dlink support page <http://support.dlink.com/ProductInfo.aspx?m=DIR-855L> for the product. The kicker is that you can then manually upgrade it to the 1.03b1...

Again, for anyone reading this post, I would stick to 1.00 or 1.01.

FurryNutz

Re: securing 'user' account in 1.03b01
« Reply #7 on: August 03, 2015, 07:35:32 AM »

I presume the UI is a template of some sort and can be configured as needed for different features. Some features may be hidden for those model routers that don't support the actual feature. The UI template is probably a blanket UI for several model routers. Even though the UI feature may be there, that doesn't mean the actual feature code is there.  ::)