Fernando Frediani <fhfredi...@gmail.com> wrote:
> I am not sure click-through certificate warning is that much of a
> security issue in this context, neither should OpenWrt have certificates
> issued by default, if I understood it correctly.
> Most people accessing the OpenWrt LuCI interface know what it is and would
> not find it strange to have to accept a self-signed certificate. Also
> OpenWrt devices mostly are accessible from internal and restricted
> networks and not exposed to the Internet. Still, if necessary, it is
> still possible to add its own valid certificate to it in those cases
> where necessary.

So, let me invert your logic to explain the issue.

Because of the lack of certificates, and the hassle with click-through issues with self-signed certificates, access to the OpenWRT LuCI interfaces is restricted to people who know what it is. Only highly trained people know how to accept a self-signed certificate.

As a result, most devices are accessible only from internal networks, and usually never exposed to the Internet. Default passwords remain unchanged, and malware that has infected a vulnerable PC easily attacks the OpenWRT LuCI interface.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | IoT architect      [
]     m...@sandelman.ca  http://www.sandelman.ca/       | ruby on rails      [
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel