this post was submitted on 15 Jul 2023
497 points (99.0% liked)
Technology
59111 readers
5621 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I have a 2017 era Samsung TV. I use it to connect to a media server that my router runs if I plug in a USB drive. This just worked so I assumed it was an open unauthenticated service.
Then I tried to use VLC running on my phone to connect and found myself presented with a login screen. When I investigated further I found the router's media server defaulted to using the the router's admin credentials.
So it looks like the TV had been programmed to try common default router creds before showing a login prompt to the user as a "convenience".
That's good UX, the real fuckup is using default admin credentials om your router.
Im safe.
I changed u:admin p:admin to u:root p:service
I wasn't too concerned previously as my routers are only exposing their services to the local network.
I understand the view that it's a superior UX but I was taken aback that it was guessing passwords for other devices on the network.