Navigation

    Community
     reolink reolink  reolink reolink
    • Search
    • Store
    • Community
    • Support
    • Register
    • Login

    Limit access provided to "guest" users

    Wishlist
    2
    2
    32
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • z0mbie_262929972969680
      z0mbie last edited by

      Currently if you log into a Reolink camera with a 'guest' account via the camera's URL, you can see the entire camera's configuration to include but no limited to:


      • * Network information (now I know what the internal network looks like)

      • * FTP username and server address (now I can brute force this)

      • * Email accounts used (information gathering and potentially people's names)

      • * Camera's recording schedule (now I know when I won't be detected if i'm a person with malicious intent)



      There should be really no reason at all to allow a 'guest' user to even access the configuration settings or 'gear' icon through the web page at all. I can understand allowing them to change their password but guests should be treated with 'zero trust'. It is not enough that they aren't allowed to change anything but you can take this one step further and not provide them viewing access to important/critical configuration settings. Thinking from a pentester's point of view, you can gain a lot of information if a guest account is compromised on these Reolink cameras.

      1 Reply Last reply Reply Quote 0
      • Cynthia_124785627824270
        Cynthia last edited by

        Hello friend, appreciate your feedback on the 'Guest Account' permission when accessing the camera via a web browser.
        We have been diligently working on implementing some selected user requests. And I’m honoured to have yours added to the list. Some nice ideas have been implemented as you can see in our changelog (What’s New) of firmware/software updates. Please kindly understand that bug fixes are our top priority and then user request or feature request. So it may take some time to see yours become true. Please stay tuned!

        You may subscribe our emails to get the news: https://reolink.us13.list-manage.com/subscribe/post?u=c0cb1c1b65426a6d9b3609705&id=a9bc53daec.

        1 Reply Last reply Reply Quote 0
        • 1 / 1
        • First post
          Last post
        Reolink cloud reolink reolink Reolink cloud reolink reolink

        Reolink Store|Support|About Us|Privacy Policy|Terms and Conditions

        Copyright 2021 © Reolink All Rights Reserved.