Eircom router plaintext password accessible to anyone!!!

rat_race

Hi Eircom,

Go to the login screen of a D1000 router, and view the source code of the login screen page (right click -> View Page Source, or similar).

You'll find this JS function:

function DefaultPasswdNote_check()
{
var random_passwd = "4c5125eff3a7";
var current_passwd = "YOURPASSWORDWILLBEHERE";
// alert(current_passwd + " "+random_passwd);
if(current_passwd != random_passwd ){
   $("#defaultPassNote").hide();
}
}  

Where I have written YOURPASSWORDWILLBEHERE, you will find your admin login password. It's actually how I remembered mine (that was handy).

So people's admin passwords are accessible and viewable by anyone with access to 192.168.1.254, which, by default, you expose to the outside internet.

Please tell I am seeing things.


Regards,
rat_race

gerryk

Haha... that's hilarious. Or it would be if it wasn't so terrifying.

Tow

It is may as well be broadcasting your password in its ssid :-)

rat_race

Eircom, any response? 

Thanks.

mass_debater

Visible to anyone? Am I missing something here, anyone who can access your routers login page on a local ip is already on your lan

V6DEC

This post isn't 100% correct. In order to view the admin password you first of all need to be granted access to the local LAN either via a wired or wifi connection inc. wireless protocol authentication. It is not possible to view the admin password from the WAN/Internet side which the initial post indicates. Also it is worth a mention that many high end modems (and other devices such as cctv etc.) ship by default with admin/admin for the user/pass so that to me is a bigger security issue so at least Eircom seem to have unique passwords for their modems.
The important point here is that the WAN/Internet admin screen isn't exposed so for that reason the post is really inaccurate and nothing worth loosing any sleep over.

Aka Ishur

V6DEC wrote: »

 seem to have unique passwords for their modems.
The important point here is that the WAN/Internet admin screen isn't exposed so for that reason the post is really inaccurate and nothing worth loosing any sleep over.

It is as V6 said, only available to people already on the network, but I hope cafés etc who share out the pw to customers see this. Quite a major vulnerability.

eircom: Alan

rat_race wrote: »

Hi Eircom,

Go to the login screen of a D1000 router, and view the source code of the login screen page (right click -> View Page Source, or similar).

You'll find this JS function:

function DefaultPasswdNote_check()
{
var random_passwd = "4c5125eff3a7";
var current_passwd = "YOURPASSWORDWILLBEHERE";
// alert(current_passwd + " "+random_passwd);
if(current_passwd != random_passwd ){
   $("#defaultPassNote").hide();
}
}  

Where I have written YOURPASSWORDWILLBEHERE, you will find your admin login password. It's actually how I remembered mine (that was handy).

So people's admin passwords are accessible and viewable by anyone with access to 192.168.1.254, which, by default, you expose to the outside internet.

Please tell I am seeing things.


Regards,
rat_race

Hi Rat_Race
 
Thanks for your post and bringing this issue to our attention.
 
We have been advised that the relevant hardware partner has been engaged to investigate the points raised in your post.
 

To add a little more information on this we can confirm that


 

·         Access to the login screen of the D100 router is not accessible from the Internet by default.



·         Access is limited to either wired devices in the home or wireless devices configured with the appropriate SSID and encryption key.



·         Wireless broadcasts or beacons do not contain passwords.
 
If you do have any further questions on this just let us know.
 
Thanks
 
Al