UBNT Security was Re: Cloudflare 22.214.171.124 public DNS broken w/ AT&T CPE
bruns at 2mbit.com
Mon Apr 2 21:37:37 UTC 2018
On 4/2/2018 3:23 PM, Mike Hammett wrote:
> I believe at one point UBNT did block outside management access, but then their customers voiced to bring it back.
> That said, I think they're taking security more seriously going forward.
I'm not entirely sure what Ubnt has changed lately, because I'm not a
user of the Air* product lines (usually used by the WISPs), but I know
on, for example the Unifi stuff, while the default password is ubnt/ubnt
for the devices, as soon as they are paired with a controller, the
password is set to a random long strong (on a per site basis).
I seem to remember on new EdgeRouter devices they do have you change the
default password during initial web setup. CLI stuff, I think still
have to manually change it from the default.
So yeah, big improvements.
That being said, either way, providers that fail to even basic setup
tasks like changing the default password do deserve what happens to them.
(Note: I heavily use Ubnt's Unifi and Edge* product lines, so I'm
probably biased in one way or another.)
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
More information about the NANOG