[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UBNT Security was Re: Cloudflare 184.108.40.206 public DNS broken w/ AT&T CPE
- Subject: UBNT Security was Re: Cloudflare 220.127.116.11 public DNS broken w/ AT&T CPE
- From: bruns at 2mbit.com (Brielle Bruns)
- Date: Mon, 2 Apr 2018 15:37:37 -0600
- In-reply-to: <2145179005.1930.1522704208669.JavaMail.mhammett@ThunderFuck>
- References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <2145179005.1930.1522704208669.JavaMail.mhammett@ThunderFuck>
On 4/2/2018 3:23 PM, Mike Hammett wrote:
> I believe at one point UBNT did block outside management access, but then their customers voiced to bring it back.
> That said, I think they're taking security more seriously going forward.
I'm not entirely sure what Ubnt has changed lately, because I'm not a
user of the Air* product lines (usually used by the WISPs), but I know
on, for example the Unifi stuff, while the default password is ubnt/ubnt
for the devices, as soon as they are paired with a controller, the
password is set to a random long strong (on a per site basis).
I seem to remember on new EdgeRouter devices they do have you change the
default password during initial web setup. CLI stuff, I think still
have to manually change it from the default.
So yeah, big improvements.
That being said, either way, providers that fail to even basic setup
tasks like changing the default password do deserve what happens to them.
(Note: I heavily use Ubnt's Unifi and Edge* product lines, so I'm
probably biased in one way or another.)
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org