insecure Posted February 23, 2018 Share Posted February 23, 2018 Netduma R1 should not allow insecure protocols, such as, but not limited to HTTP (TCP Port 80) or Telnet (TCP Port 23). These protocols are insecure for passing user name and passwords. Recommendation: Add HTTPS support to the Web daemon being used on the Netduma R1 appliance. Remove HTTP support, or give the option to override the default HTTPS option (with a warning banner) Enable HTTPS support by default. I would be happy to assist, or provide explicit documentation on this risk if necessary. Thank you for creating this great product, now let's make it secure! Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted February 24, 2018 Administrators Share Posted February 24, 2018 DumaOS will be available soon so this isn't needed but thanks for the feedback and offer! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now