Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:security:openwrt_security [2021/03/29 12:23] – links, formatting vgaeteradocs:guide-user:security:openwrt_security [2022/11/06 13:10] – [I have custom packages installed...] mdvthu
Line 7: Line 7:
  
 You need to set a password on your OpenWrt root account. You need to set a password on your OpenWrt root account.
-The root account is the default OpenWrt admin account on your device. The next chapter will show you how to do this.+The root account is the default OpenWrt admin account on your device. 
 +The next chapter will show you how to do this.
  
 This page also contains some general information about security of OpenWrt and what you should do in general, to keep your router in a properly secured state. This page also contains some general information about security of OpenWrt and what you should do in general, to keep your router in a properly secured state.
Line 62: Line 63:
   * Don't share your root password with others, even if they promise some hot skateboarding penguins pictures in return   * Don't share your root password with others, even if they promise some hot skateboarding penguins pictures in return
    
-===== I don't need to set a 'rootpassword, when I am the only user. Right?.... =====+===== I don't need to set a root password, when I am the only user. Right?.... =====
 Congratulations that you do not have to share precious bandwidth with others, but you still need to set a root password. Congratulations that you do not have to share precious bandwidth with others, but you still need to set a root password.
  
-Because any web site you call from a browser in your home network (e.g. those that promise hot skateboarding penguins pictures) could easily use so called [[wp>Cross-site_request_forgery|cross-site request forgery]] to access web interface of your OpenWrt device, without you noticing it and then do evil things there. If no 'root' password is set, such malicious sites could manipulate your OpenWrt device in a way that you won't like.+Any web site you call from a browser in your home network (e.g. those that promise hot skateboarding penguins pictures) could easily use so called [[wp>Cross-site_request_forgery|cross-site request forgery]] to access web interface of your OpenWrt device, without you noticing it and then do evil things there.
  
 +If no root password is set, such malicious sites could manipulate your OpenWrt device in a way that you won't like.
 So just go and set a password on your root account now. So just go and set a password on your root account now.
  
Line 105: Line 107:
 ===== A word about high-value weak points on OpenWrt ===== ===== A word about high-value weak points on OpenWrt =====
 OpenWrt devices have 2-4 common services running, which kind of mark high-value targets for malware (even when only available in your LAN-zone): Any harmless looking web site, you have visited in your browser, could use cross site request forgery tricks, abusing an unpatched security flaw in one of these services. OpenWrt devices have 2-4 common services running, which kind of mark high-value targets for malware (even when only available in your LAN-zone): Any harmless looking web site, you have visited in your browser, could use cross site request forgery tricks, abusing an unpatched security flaw in one of these services.
-This could lead to malicious malware redirect attacks where [[https://secure.wphackedhelp.com/blog/wordpress-malware-redirect-hack-cleanup/#wordpress_site_redirects_to_another_site|website redirects to a malware site]] and so on.+This could lead to malicious malware redirect attacks where [[https://attack.mitre.org/techniques/T1189/|website redirects to a malware site]] and so on.
  
 These high-value services in particular are: These high-value services in particular are:
  • Last modified: 2024/01/21 19:48
  • by spectredev