Why is my AV reporting a network security issue?

[Benteke]

My AV program keeps indicating that I have a network security issue --> "router has a weak password - the default password, one that is easily guessed or none at all."

I'm certain that both router passwords (the one used to log on the the network and the one used to make changes to the routers settings) are as strong as possible, so I'm not understanding why I keep receiving this warning? The only thing I can think of is that the username that came with the router cannot be changed.

Any ideas????

 

[Alejandro85]

The only reasonably explanation I could come with is that there could be some other form of access to the router, some allow configuring them by FTP or Telnet, and those can have weak passwords in addition to the main web-based one. Just a guess, but check out for that just in case.
Or maybe your current logins aren't that strong as you believe? Very unlikely, but possible.

If the thing is complaining just because the username, you can just discard it. Usernames are meant to be public anyway, while the actual secrecy must lie in the password instead. There is nothing bad in having a common username, just a common password is a problem.

Other than that, I have no idea. It could be a false positive or something else you can be overlooking. If available, read the AV documentation to try to figure out what's exactly being tested and why it complains.

 

[UsernameIssues]

My AV program keeps indicating that I have a network security issue --> "router has a weak password - the default password, one that is easily guessed or none at all."

I'm certain that both router passwords (the one used to log on the the network and the one used to make changes to the routers settings) are as strong as possible, so I'm not understanding why I keep receiving this warning? The only thing I can think of is that the username that came with the router cannot be changed.

Any ideas????

What antivirus app you are using? How would it even know those passwords?

What router make/model do you have?

You mentioned that the router has two passwords:
1) one used to log on the network
2) one used to make changes to the router's settings

Is password number one used to connect to your ISP? Like for a PPPoE account? Or is the router also a wireless access point and password number one is the key needed to connect a Wi-Fi device?

 

[Benteke]

What antivirus app you are using? How would it even know those passwords?

What router make/model do you have?

You mentioned that the router has two passwords:
1) one used to log on the network
2) one used to make changes to the router's settings

Is password number one used to connect to your ISP? Like for a PPPoE account? Or is the router also a wireless access point and password number one is the key needed to connect a Wi-Fi device?

I'm using AVAST (paid version), the router is a Netgear N900.

1) Sorry, I should have clarified....number one password is used to log on to the wireless network. If I hardwire the connection (ethernet cable), no password is needed.
2) this password is used to log in and setup/configure the router.


Sorry for the late reply.

 

[UsernameIssues]

https://blog.avast.com/2015/04/16/w...twork-connections-both-in-public-and-at-home/

Poke around in the app and see if it can tell you more info about the supposed weakness.

You might want to ask AVAST why it flags your router. As mentioned before, there might be multiple ways to get into a router. In my opinion, the app should tell you how it got in (if it really did get in).

 

[jraju]

Hi, Thread owner,
i think Avast is doing a kind of aggressive scanning and giving all the router users a kind of security vulnerability. I also use avast and changed the router to new one. But still get the same alert. If you go to details, you also would be having the other weakness, in the form of yellow icons, down under.
I was shown rom 0 vulnerability and all . Please after scanning the avast home network, security, you just click the show. It would prompt you to go to the router page to change the password. The alert would be user:user, password:user, when normally it does not mean that . I had changed the admin password and still it says that as if it is a weak password. Did you see the avast web forum. I have raised those questions on their web forum but still to get the answer.
Please see the other thread that i raised in this fourm in the same subject

 

[Benteke]

https://blog.avast.com/2015/04/16/w...twork-connections-both-in-public-and-at-home/

Poke around in the app and see if it can tell you more info about the supposed weakness.

You might want to ask AVAST why it flags your router. As mentioned before, there might be multiple ways to get into a router. In my opinion, the app should tell you how it got in (if it really did get in).

This is exactly what I get if I run a Network Scan -->

Your device is not configured correctly

PROBLEM - Your network router is set to a weak password
RISK - Hackers can connect to the router and modify your network settings and/or disable internet connection
SOLUTION - Change the password in router settings

When I click SHOW details, it just displays
USERNAME:
PASSWORD:

There is nothing next to username or password, it’s just blank… So, to your point…. If Avast WAS able to get in to my router, wouldn’t the app be able to show my Username & Password and not just leave it “blank’ (as in the above)???

Hi, Thread owner,
i think Avast is doing a kind of aggressive scanning and giving all the router users a kind of security vulnerability....Please see the other thread that i raised in this fourm in the same subject

Thanks jraju.... Do you have a link to that thread?

 

[UsernameIssues]

It might be best to ask specific AVAST questions here https://forum.avast.com/?board=2.0

 

[torchwood]

password

As i've said before
To get to your router Admin/Password page.
in location bar type
192.168.0.1
that will open the setiings page goto security settings password
I suspect owner is admin, and password either blank or 12345, or it will be with the paperwork you got with the router.

Change it .

Roy

 

[Benteke]

As i've said before
To get to your router Admin/Password page.
in location bar type
192.168.0.1
that will open the setiings page goto security settings password
I suspect owner is admin, and password either blank or 12345, or it will be with the paperwork you got with the router.

Change it .

Roy

Thanks Roy.... Already did that when I first installed the router. I've changed the password about 6-7 times and still get the same network security warning. The only 'weakness' I can think of is the fact that the username cannot be changed. But from what I understand, that's common with Netgear routers.

 

[jraju]

Hi, Further to the points i made, i wish to point out one thing. If the scan by grc.com and (shield up) total service scan option, and common ports scan show no vulnerability, please leave it. No antivirus other than avast is giving this vulnerability messages. I am going to use mse or other antivirus.
My service provider says that we should not be bothered about these messages. I leave it to your ISP. He says not revealing the network password is the best option. Normally the dsl line connection thro isp is naturally protected and leaves nothing to hijack. I am one like you and even replaced the router to new edition. But still getting this.
Further one of the fourm members clarified my dns change, as not hacked , but when dhcp ip is not assigned any ip, windows would auto create ip to get internet access. This was totally news to me and i checked the link and to find about the same.
Your lan connection could not be hacked if you have dynamic ip and also under a reputed ISP. No need to change the admin password. I received this advice from service provider.
If your check at grc.com is fine, then leave this.
It is also a fact that no other av is giving these alerts, as they do not touch upon router.
you have pointed out that you have changed the pw and still get the same alert.
Regarding link
https://forum.avast.com/index.php?topic=182469.0

 

[Benteke]

Just to update... I took UsernameIssues' advice and posted on the AVAST forum. They responded by asking me to record and send them the log files from the HNS scan. OR, to just send the following file: "C:\ProgramData\AVAST Software\Avast\log\HnsStats.json.lzma" , as it contains most of the important information related to the HNS scans.

So I'm wondering whether or not this is wise?

...
If your check at grc.com is fine, then leave this.
It is also a fact that no other av is giving these alerts, as they do not touch upon router.
you have pointed out that you have changed the pw and still get the same alert.

Thanks jraju, never heard of grc shield up prior to your recommendation.

 

[UsernameIssues]

Open up notepad. Open up Windows Explorer. Drag that HnsStats.json.lzma file from the Explorer windows and drop it into the open notepad window.

It might not be text - but you might be able to determine if there is any personal info in there. If it looks like something that you don't mind them having, then I would say to post it

 

[jraju]

Hi, username..
I have sent to them the log files in their support form. But no use. They stick to their views that I am having vulnerability.
I want to know from you. Is it possible to hack your broadband password and got connected to your line , if you are provided network thro reputed ISP. They say that it is totally secured and one cannot peep in to your line, lan, allotted to you , by the ISP.
The second concern is about the wifi network. If you are having combo, bb and wifi in the same modem, then it is possible to know the password from some source and can access your wifi and enjoy free internet access. This is on the condition, that he knows the password from the owner of the computer.
I think this could be resolved by obtaining password from grc.com and it could not be remembered as easily . So, no body in theory could attack you.I am also of the view the admin password need not be changed, as it will have to be reset, once it is having some problem. The router password is only for entering the router page. If you type the access point, it is capturing the details of your router and with NAT firewall, it is just impossible to hack the individual broadband and get access to files in the system. Would you give your view on this
I thought that my dns has changed , but it was clarified by a geek from this forum, that it is Apapi, which i do not know previously. It is assigned automatically, when the computer Dhcp is not able to allot ip to the computer. It is also noted, that once, your internet dhcp gets enabled, this vanishes.
I also wish you to go to the link i gave in my previous post, that it shows postive and -ve results in two times on the same day by Avast scan.
Think that there is a glitch.
Moreover avast point port 80, and 21 in their diagrammatic representation in the scanned page. checking those ports in grc.com shows mine as stealthy.

 

[torchwood]

password

The only other things i can think of is that Avast, is checking on the password style.
ie are they
all lower case
all alpha
all numeric
any non alpha/numeric characters
less than x characters long.

As in reality they should not be able to read it at all.

Roy

 

[UsernameIssues]

Most things are possible. The question is: how probable is something?

I don't know the security measures taken by your ISP, so I don't know how probable it might be for someone to find out your broadband password and then use it to connect to your line.

Finding the key to a Wi-Fi network is not that hard. Again, I'm not going to know the likelihood of this happening. If internet service is expensive, then people might go to the trouble to get free service from someone close by. It sounds like you are saying that even if someone did connect to your Wi-Fi, they would still need to authenticate to the ISP before gain access to the Internet. That extra step should help prevent people from breaking into wireless networks.

If someone does get access to your router, getting to your files should be blocked by the firewall on your computer.

The grc.com website is nice, but it only scans a small portion of possible ports. I do not understand your comment "obtaining password from grc.com".

I did look at the link to your AVAST forum thread. I am not a member, so I cannot see attachments. From what I have read in this thread and the AVAST forum thread, you don't know how the AVAST software is checking the router. I don't know how it does it either.

The GRC website asks to make connections to your public IP address on various ports. Your AVAST software is probably checking the private side of your router. I don't know what/how AVAST checks; so, I cannot say what you should expect to see in the log files.

 

[Layback Bear]

My answer is much simpler.
Change your anti virus program. Use one that is a anti virus program and stays the hell out of your router.
As of late Avast is sticking it's fingers into things it shouldn't. Avast has been screwing up VSS, clouds and now routers. Avast should go back to being a great anti virus program and leave the rest of the computer alone.

Just my opinion.

 

[Benteke]

Hi, username..
I am also of the view the admin password need not be changed, as it will have to be reset, once it is having some problem. The router password is only for entering the router page. If you type the access point, it is capturing the details of your router and with NAT firewall, it is just impossible to hack the individual broadband and get access to files in the system.

Are you sure about this? I have strong passwords for BOTH. The irony (regarding your statement) is that the MAX password length for the WiFi connection is 33 characters, while the router login password (admin password), can be set to a max of 64. A 64 character password should be miles stronger than a 33 character password. So IF the WiFi password is the more 'significant' of the two, shouldn't it be the opposite?

My answer is much simpler.
Change your anti virus program. Use one that is a anti virus program and stays the hell out of your router.
As of late Avast is sticking it's fingers into things it shouldn't. Avast has been screwing up VSS, clouds and now routers. Avast should go back to being a great anti virus program and leave the rest of the computer alone.

Just my opinion.

I plan on changing, trust me! I have a little over 30 days left on my active license and the only reason I paid for a license in the first place was because I used their free AV for a few yrs & liked it. With that said, I still want to be 100% sure that I have a relatively secure network setup!

 

[jraju]

Hi, Thanks for the pointers to the essence of the topic i raised.
To, benteke,
wifi pw set up differ from router to router. My router supports 63 alpha numeric. ISP said that admin pw need not be changed as it will be difficult if any lengthy secured password is not known, if any issue arises and it has be reset to reconfigure the router.
Hi, Layback , i have tried panda free, and its cloudy thing , i changed to avast, which was best. But , when i asked how the vulnerabilities have been checked , there is no reply from them.
Would avira be my next alternative ... please.
I tried AVG, and i was informed that it is somewhat aggressive and would delete some system files. Once, I was the user of AVG.
Avast is very good, but their online popups, to change to paid version, and use their paid secure dns and also grime fighters without user consent, and particularly the latest introduced network scan, producing the vulnerabilities report but not solutions make me thing to change to some other.
I want a av program with lesser online annoyance popups , using less resource. MSE finds, but only limited items. Most av does not touch browser hijacks and redirects. Pl share your thought.
Hi, username..
obtaining pw from grc.com means that their pw are allotted once you browse their password page. You find different kinds of pw suitable to routers, which are hard to crack. But you have to copy to your pen drive , and in your pc and tablet, if you want to use it on many devices. The passwords are tested and very hard to crack. Pl. see this link
5 Free Password Generators For Nearly Unhackable Passwords
Please read this , i could not get you the grc.com link from my browser.

 

[Benteke]

While we're on the topic, IS there a program (or some other means) to check/scan a home network setup for vulnerabilities?