Author Topic: Sheilds up site says no router vulnerability, but avast alerts hns weak pass  (Read 822 times)

0 Members and 1 Guest are viewing this topic.

Offline jraju

  • Sr. Member
  • ****
  • Posts: 391
Hi, when I scanned the system with wifi inspector scan, it alerts to hns weak pass.
I went to the router and changed both wireless and router password strongly.
But rescan says the same alert.
I went to shieds up website and scanned for any leak in port. I have done all ports scan in the website.
It says no leak and all ports are stealthy.
What I am to do.
I have changed wifi password and also disabled WPS  USING THE LATEST FREE version

Offline jraju

  • Sr. Member
  • ****
  • Posts: 391
Hi, I cliked the red mark to open, instead of resolver tab.
It says , and shows the password as weak.
I just  see that and noticed that the user id and password id are one and the same, i.e user, user.
Then I went to the password in router and then changed the password and now , the avast does not alert the warning hns weak pass

Ok, thanks, i found out myself with little bit trying to fix the problem.
Please answer.
If there are two accounts in a router, having admin, and user. Can any one access the user settings without admin password.
How avast alerts this? My router is having admin and user. I have changed the admin password thinking that it is the only way to enter the router. I made the pw very strong to crack it.
I just left the user and got the warning of weak password.
How avast alert it , without it knowing the admin password to enter the user screen.
What in the hns logs that would convey that hns has weak password.
what in the logs that would convey that hns weak password is resolved.
Would any one or moderator answer this query
Thanks avast, it alerted and I resolved it.
Whenever one gives the router ip , it only prompts admin and password not users

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37101
Quote
If there are two accounts in a router, having admin, and user.
You have user name and password to access router setup (admin)  i dont think you can have two admin accounts (maybe som type/brand can do that, dont know)

Then you have network name and password for connecting to router wireless ... this you create from the admin access above

If i was your neighbour and your wireless reach my house and you have default admin setup i can then connect and change settings in your router if i know what router you have

List of default router setup  https://www.softwaretestinghelp.com/default-router-username-and-password-list/








« Last Edit: May 10, 2021, 12:30:32 PM by Pondus »

Offline jraju

  • Sr. Member
  • ****
  • Posts: 391
Hi, Seen your reply but sorry for the late reply.
My router has one admin and one user . Dlink 2730 u model router.
Usually admin page popups when you write 192.x.x.x for router page, you are not shown user page, as it is left default
My query is how avast , thro wifi inspector scan, hns scan, it gives alert of the user login.
Wifi password is a grey area, I agree, but I have disabled WPS switch in the router and so there is no chance that neighbours could access without knowing the password.
I will also change the ssid to something different , so that they do not identify like name etc.
But how did avast, access the user login process to alert that the system has hns weak pass, denoting weak password.

Offline r@vast

  • Avast team
  • Super Poster
  • *
  • Posts: 1625
Hi, Seen your reply but sorry for the late reply.
My router has one admin and one user . Dlink 2730 u model router.
Usually admin page popups when you write 192.x.x.x for router page, you are not shown user page, as it is left default
My query is how avast , thro wifi inspector scan, hns scan, it gives alert of the user login.
Wifi password is a grey area, I agree, but I have disabled WPS switch in the router and so there is no chance that neighbours could access without knowing the password.
I will also change the ssid to something different , so that they do not identify like name etc.
But how did avast, access the user login process to alert that the system has hns weak pass, denoting weak password.

Hi,

HNS does not have any notion of multiple router accounts, it just tries to log in with various login/pass combinations that are either known vendor defaults or easy to guess combinations. If it succeeds, it will report weak pass vulnerability, regardless of the account being an admin one or a user one (this is would be unknown to us).


Offline jraju

  • Sr. Member
  • ****
  • Posts: 391
Hi, r@vast,
          I understand that, but how avast is accessing user, if admin does not allow it. When you put your router ip in the address bar, it onlyl alerts admin password and not users. If a router has user password, the admin has to allow it . OK. Or so I understand.
Please see my router, which has two accounts one root admin, and another user.
If admin, that is the root is protected by strong password, i did hope that I have strong protection.
Everybody has hns.logs . How do I know from the logs result, that this weak pass word alert comes.
I tried to read, but could not guess it.
If it is not to be given, please just say so.

« Last Edit: May 13, 2021, 06:20:19 AM by jraju »

Offline r@vast

  • Avast team
  • Super Poster
  • *
  • Posts: 1625
Hi, r@vast,
          I understand that, but how avast is accessing user, if admin does not allow it. When you put your router ip in the address bar, it onlyl alerts admin password and not users. If a router has user password, the admin has to allow it . OK. Or so I understand.
Please see my router, which has two accounts one root admin, and another user.
If admin, that is the root is protected by strong password, i did hope that I have strong protection.
Everybody has hns.logs . How do I know from the logs result, that this weak pass word alert comes.
I tried to read, but could not guess it.
If it is not to be given, please just say so.

Hi,
Please note that if a weak password vulnerability was reported, then we were able to log in to the account.
We cannot provide further details.