Reply to post:

D-Link, Comba network gear leave passwords open for potentially whole world to see

adam payne Silver badge

"The path to the file is https://[router ip address]/romfile.cfg and the password is stored in clear text there."

Seriously?!?!? Why on earth would you even do this?

the source code for the router log-in page (again, accessible to anyone that can reach its built-in web UI server) contains the ISP username and password of the user in plain text.

A glaring security oversight this isn't, it's just plain stupidity and laziness.


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019