cancel
Showing results for 
Search instead for 
Did you mean: 
davidramsay
Aspiring Expert
366 Views
Message 1 of 2

HH6 Password passed in in plain text

As a former software test engineer I am apalled that the admin password for the HH6 is passed in on the url as plain text.

If your network is compromised in any way then this leaves your Hub open to hacking.

From a security viewpoint this is a complete nono!!!  I realise the risk may be low but at the very least the connection to the HUB should be via an SSL connection AKA secured and encrypted (HTTPS).

This is as seen on the URL - http://192.168.1.254/0000016400/gui/?password=<mypassword>#/basicStatus

0 Ratings
1 REPLY 1
Distinguished Sage
Distinguished Sage
351 Views
Message 2 of 2

Re: HH6 Password passed in in plain text

Not really a security risk, the hub manager is only accesible via your LAN, however, I agree access should be via HTTPS yo

PS your link just links back to this thread

0 Ratings