Menu
Reply
Highlighted
  • 16
  • 0
  • 2
On our wavelength
765 Views
Message 51 of 61
Flag for a moderator

Re: SuperHub3 - plain text password

True, but you would find out this had happened and set it back. Also, none of your devices would be on the reset network, so the worst that the attacker could do is use your internet allowance. Far more dangerous is the attacker who shoulder-surfs the password, logs in and finds out information about your network, connected devices and is able to change your firewall, open ports etc, all without you realising this has happened.

0 Kudos
Reply
Highlighted
  • 6.04K
  • 447
  • 1.05K
Hero
753 Views
Message 52 of 61
Flag for a moderator

Re: SuperHub3 - plain text password

You have an attacker shoulder surfing you at home?

--
Hub 3.0, TP-Link Archer C8, TP-Link TL-SG1008D 8-port gigabit switch, V6
My Broadband Ping - Roger's VM Broadband Connection
0 Kudos
Reply
Highlighted
  • 16
  • 0
  • 2
On our wavelength
731 Views
Message 53 of 61
Flag for a moderator

Re: SuperHub3 - plain text password

Constantly. Don't you?
Highlighted
  • 13.22K
  • 1.66K
  • 3.76K
Alessandro Volta
720 Views
Message 54 of 61
Flag for a moderator

Re: SuperHub3 - plain text password


@Roger_Gooner wrote:

You have an attacker shoulder surfing you at home?


Own children

Highlighted
  • 1
  • 0
  • 2
Joining in
654 Views
Message 55 of 61
Flag for a moderator

Re: SuperHub3 - plain text password

How many years has this been, for what, a simple attribute change on a input box... I used tampermonkey fix by ntyze to make this change for me (device specific so not ideal). 

The fact here is that you have 6 pages on a forum spanning years, with multiple people from the industry making complaints (myself included), advising how this is a basic issue, a pretty standard practice (security wise) and its still not been resolved, it would take all of 5 mins to modify the html input box attribute and mask the password.

This speaks volumes to virgin media as a company and their customer service. Well done VM, <slow clap>.

Highlighted
  • 1
  • 0
  • 0
Joining in
541 Views
Message 56 of 61
Flag for a moderator

Re: SuperHub3 - plain text password

Hello there.

I have the same issue on my Virgin media hub 3 router.

0 Kudos
Reply
Highlighted
  • 3
  • 0
  • 0
Joining in
354 Views
Message 57 of 61
Flag for a moderator

Re: SuperHub3 - plain text password

VIRGIN! is anyone going to fix this issue.

It's crazy to not enforce security then ignore it when secondly at least give people access to change it if you are going to ignore everybody and not even respond...

Thirdly like it has been mentioned several times. NO no one is watching your screen they might but you are leaking everyone's passwords unintentionally.

Every time someone enters a password into a plain text field. Nearly every modern browser uses this data to add to spellcheck data pool to then personalize someone's commonly used words/spellcheck.

PLEASE, PLEASE, PLEASE allow us to fix this or fix it yourself.

Otherwise I'd like to request a secure router...

Is the password even encrypted in the memory of the router?

I really have no confidence in this. Not only this but the session management of the router is horrendous, I have to restart my router every time I want to login in to the panel. Please can you fix this as the only provider of speeds above 150Mb/s you have the worst customer service... I waited on the phone 3 times yesterday for 30 mins got hung up on after 30mins everytime didn't even talk to anyone...

0 Kudos
Reply
Highlighted
  • 21.85K
  • 626
  • 3.69K
Alessandro Volta
342 Views
Message 58 of 61
Flag for a moderator

Re: SuperHub3 - plain text password

You wrote:

I really have no confidence in this. Not only this but the session management of the router is horrendous, I have to restart my router every time I want to login in to the panel. Please can you fix this as the only provider of speeds above 150Mb/s you have the worst customer service... I waited on the phone 3 times yesterday for 30 mins got hung up on after 30mins everytime didn't even talk to anyone...

 

I never have to reboot the hub to get into the panel - not on any hub model.  And during this crisis, maybe you do have to await an agent, although I don't think VM have emailed their customers to provide the necessary guidance.  

As to the plain text password matter, for what my opinion is worth, the perils and fears have been grossly over-egged, almost to the point of hysteria.  You can realistically only log on to the router at home and if you need to hide the passwords from the kids then hjide the password from the kids.

 

Seph - ( DEFROCKED - My advice is at your risk)

0 Kudos
Reply
Highlighted
  • 3
  • 0
  • 0
Joining in
339 Views
Message 59 of 61
Flag for a moderator

Re: SuperHub3 - plain text password

Hi Sephiroth 

 

my plan is incorrect I’m paying for a higher plan but only receiving a lower plan. So if you could point me in the right direction of how I can change this without talking to anyone.

In terms of the plain text password. It is accessible outside of the home... it is also not Virgins decision wether or not a customer wants security... if I would like security measures implemented that have been standards for decades.

then I should be entitled to an alternative if they don’t offer this. Or I should be able to use my own router without having to use the hub in modem mode.

0 Kudos
Reply
Highlighted
  • 21.85K
  • 626
  • 3.69K
Alessandro Volta
329 Views
Message 60 of 61
Flag for a moderator

Re: SuperHub3 - plain text password

Hello Henry,

You could try asking the Forum Team to take up your case - a long shot though.  Yes, if you need to speak to them, then you'll need to persist.  This is not the right time to get into any difficulty that the forum community can't resolve.

How is the password accessible outside of the home?  If you mean the WiFi boundary, then that's the same thing to my mind.  What is the real lif situation that you fear?

On your point about the choices VM offer the customer - that's been a toss argued about for the 11 years I've been posting here.  VM are, at times, as up themselves as the EU! They are more likely to listen when what's asked for saves them grief or earns them money.  Their offer is what you buy and then you/we argue the toss.  That toss, in this case, is whether or not a password confined to the home (or possibly a DDNS link) requires strict security measures in the sense you've described.  

On your final point, there's a lot of support in the community for VM to allow own selected brand hubs.  The problem here is that the very security standards you applaud are being strictly applied by VM for a number of reasons.  The first is that they only want to support a single interface to their network and hence the associated security regime, which is very tight I can tell you (thanks to DOCSIS).  The second is that in the UK there are no available DOCSIS 3.x modem routers available; the router has to support DOCSIS 3.x and no ASUS, Netgear etc router can support that.  A DOCSIS 3.x front end is a necessity and VM want to strictly control this so that their service obligations can be met and managed.

Ah, I hear you say, in the USA they allow people to buy their own modems - so why not here?  I don't know the full answer, but you can be sure that market pressure in the USA is behind this, whereas there is no meaningful pressure here, let alone modems that you could buy and attach to the VM service.  Incidentally, VM own your hub - it's rented from them.

Hope that helps.

 

Seph - ( DEFROCKED - My advice is at your risk)

0 Kudos
Reply