Hi, it's possible to hide WEP, WPA and PPPoE password in new firmware release? now it's possible to read keys and this can be a problem...

Paolo

I agree !!! :-)

I was going to make a new post asking for this in new firmwares.

In my opinion: It's necessary.

I don't know how a cpe that should be configured via web has this weak point.

Up....Up!

There is no way to do what you are asking for in a secure manner, so there is no reason to try as it will only create the illusion that it's secure.

If you compromise the unit (either by having administrative access via the web interface or by having physical access) then the pass phrase can be read, because you can always enable ssh access via the admin interface and with that you can access all files on flash.

If you don't trust people with the pass phrase then use EAP or give the read only access.

There is no way to do what you are asking for in a secure manner, so there is no reason to try as it will only create the illusion that it's secure.

If you compromise the unit (either by having administrative access via the web interface or by having physical access) then the pass phrase can be read, because you can always enable ssh access via the admin interface and with that you can access all files on flash.

If you don't trust people with the pass phrase then use EAP or give the read only access.

Normal user haven't the ability to compromise unit, but as eye to see what you write in the field password, and so he are able to replicate on other CPE the access data of the nano, and virtually create problem on all the network where nano is connected...

Have a nice day - Gigi from Italy

[quote=FlemmingFrandsen]
Normal user haven't the ability to compromise unit, but as eye to see what you write in the field password, and so he are able to replicate on other CPE the access data of the nano, and virtually create problem on all the network where nano is connected...


Ah!, in that case I'd suggest:
* That you don't reconfigure CPEs when untrusted users are looking over your shoulder.
* That you select very long, very random pass phrases that aren't easily remembered or brute forced.

Since we use a PPPoE solution, we have blocked normal TCP/IP Traffic from the clients Nano's and only allow PPPoE to pass through the lan port. The customers themselves must use either a router or Windows for their PPPoE login into the web. I realise it's not a perfect solution, but it's what we have in use in the hopes of offering one of the best solutions we know of in this current time. In this scenario our customers data/gear is only accessible through a PPPoE session. If someone hacks into our network, we hope that the most they have access to is our own gear, which is password protected, and not our customers data.

Hiding our own WPA2 key in the CFG however would be a plus for us. We are also open for suggestions...

At my age, seeing the pass key is a plus-- I know I have it correct.
I program all radios in office and can not test the setting until I get to the client (or at least some place that can see the AP) :lol:

The password or key MUST be hidden or anybody with a read access can see the password and decode his neighbor´s WLAN-traffic.

all ubiquiti need to do is make it a "password" field


something we keep requesting over and over again...

as for not remembering it and typing it correctly , use notepad and copy/paste if you are bench programming a batch :)

beside that no wisp should give the customer access to the clientdevice
i agree with dren that there is no real secure way to to hide the password
it's only a ilusion.
In general it is no big deal to change Template of the link.cgi and network.cgi
with a hidden formfield if you abled to compile your own firmware from the sdk.