Security concerns: password for router unmasked on unsecured tplinkrepeater.net site & Tether app

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Security concerns: password for router unmasked on unsecured tplinkrepeater.net site & Tether app

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Security concerns: password for router unmasked on unsecured tplinkrepeater.net site & Tether app
Security concerns: password for router unmasked on unsecured tplinkrepeater.net site & Tether app
2021-04-22 14:50:04 - last edited 2021-04-28 08:44:19
Model: RE650  
Hardware Version: V1
Firmware Version:

Hello,

 

I'm concerned about security protocols of your website and Tether app ( and here on the community site too).

 

You use the same password for the community forum as the Tether app, not standard practice due possible were a password breach ( which happens a lot for forums sites databases) . Also you can see the router password openly.

 

More problematic is that the site to set up and control our device via the web is an unsecured site ( no lock) and if there were a password breach, anyone could not only access and control the device, but would see the router password openly. And thus even access our router.

 

You should rectify these security anomalies ASAP.

  1      
  1      
#1
Options
1 Accepted Solution
Re:Security concerns: password for router unmasked on unsecured tplinkrepeater.net site & Tether app-Solution
2021-04-28 08:42:51 - last edited 2021-04-28 08:47:24

@jel888 Good day, 

 

Thank you for your suggestions for tp-link ID , currently tp-link ID is used for both Tether app and tp-link forum etc. for convenience of management on different platforms. 

You may consider creating a different tp-link ID for router/RE management if you worried about the password breach. 

 

For your 2nd concern,if you mean the unsecure warning on the web browser, it's not worth worrying about too much. 

Tp-link management page is safe as it is only accessible from local network ( if you have not open port or enable remote management.)

And your local network is protected by your router/ NAT device.  For more details, here is an FAQ to help explain :

 

Why TP-Link HTTPS web interface is detected as unsecure by some web browsers?

https://www.tp-link.com/support/faq/2598/

Recommended Solution
  1  
  1  
#2
Options
1 Reply
Re:Security concerns: password for router unmasked on unsecured tplinkrepeater.net site & Tether app-Solution
2021-04-28 08:42:51 - last edited 2021-04-28 08:47:24

@jel888 Good day, 

 

Thank you for your suggestions for tp-link ID , currently tp-link ID is used for both Tether app and tp-link forum etc. for convenience of management on different platforms. 

You may consider creating a different tp-link ID for router/RE management if you worried about the password breach. 

 

For your 2nd concern,if you mean the unsecure warning on the web browser, it's not worth worrying about too much. 

Tp-link management page is safe as it is only accessible from local network ( if you have not open port or enable remote management.)

And your local network is protected by your router/ NAT device.  For more details, here is an FAQ to help explain :

 

Why TP-Link HTTPS web interface is detected as unsecure by some web browsers?

https://www.tp-link.com/support/faq/2598/

Recommended Solution
  1  
  1  
#2
Options