General security information

10/05/18

Configuration of LANCOM devices with WEBconfig via unencrypted HTTP protocol

On October 5, 2018, the media reported about the vulnerability of network components and technologies over unencrypted HTTP Web interfaces in conjunction with web browsers that store login information (see betanews article).

 

The WEBconfig interface with which LANCOM devices can be configured should always be opened via the encrypted HTTPS protocol. When opening WEBconfig via HTTP, you will receive a corresponding warning message and a link to the HTTPS variant when logging on. We also recommend that you never save the login data in the web browsers.

 

As of LCOS 10.20 you can configure automatic redirection of WEBconfig access to HTTPS. For information, see this Knowledge Base document.