‘Creation of certificate for Fritzbox reveals host name via internet’
A new beta firmware for the Fritzbox router lets users create a Let’s Encrypt certificate so that the device can be managed over the Internet via a secure connection. As a result, the router’s host name is exposed to third parties, writes a German site.
Security researcher Hanno Böck writes on the Golem site that the certificates created via this function can be found through certificate transparency systems. For example, there are services that offer an API to search issued certificates. An attacker could use this to find out the host names of Fritzbox routers, he says. If a vulnerability is then found in, for example, the web interface, those routers are at risk.
Manufacturer AVM tells the site that “security models should go beyond hiding devices.” In addition, AVM says, the HTTPS ports are randomly assigned, which, according to Böck, only delays an attack by a few minutes. The researcher states that it is nevertheless a good idea on the part of the manufacturer to enable automatic creation of a certificate. He suggests that a warning to users might be in order that using the function reveals the host name.
The Let’s Encrypt certificate creation feature can be found in the latest beta firmware for the Fritzbox 7490, the manufacturer announced this week. After creating a certificate, users can access their router via the MyFritz service over a secure connection.