Forum Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
davidramsay
Aspiring Expert

on ‎18-10-2018 18h43

1,148 Views
Message 1 of 2

HH6 Password passed in in plain text

As a former software test engineer I am apalled that the admin password for the HH6 is passed in on the url as plain text.

If your network is compromised in any way then this leaves your Hub open to hacking.

From a security viewpoint this is a complete nono!!!  I realise the risk may be low but at the very least the connection to the HUB should be via an SSL connection AKA secured and encrypted (HTTPS).

This is as seen on the URL - http://192.168.1.254/0000016400/gui/?password=<mypassword>#/basicStatus

0 Ratings
1 REPLY 1
licquorice
Distinguished Sage
Distinguished Sage

‎18-10-2018 19h11 - edited ‎18-10-2018 19h14

1,133 Views
Message 2 of 2

Re: HH6 Password passed in in plain text

Not really a security risk, the hub manager is only accesible via your LAN, however, I agree access should be via HTTPS yo

PS your link just links back to this thread

0 Ratings