Tonight, while reconfiguring my network, I had to log into my Linksys RTP 300 router. If you remember, a while back I wrote about a security flaw I found in the log in script of that router. You can read my post here. Well, tonight while logging in I mistyped the last character of the router’s password, which of course is still a digit. Guess what folks, I was able to log in without any problems.
Last year, when I wrote my post, the firmware version was 1.00.55. The current firmware version is 1.00.62. Before I wrote my first post about this, I had contacted Linksys and informed them of the problem. The email I received from them pretty much told me: thanks for the info. we will look into it. Well, in a couple of months it will be one year since I told them and the security flaw has not been fixed. Apparently Linksys, a company owned by one of the biggest network hardware manufacturer (Cisco), priding itself on security, does NOT think that simple password security flaw is important enough to fix.
Wonderful! With that kind of security/customer minds set, maybe we should look into switching to Netgear or D-Link.