I saw this while I was making a change in my WiFi router settings.
If I think from a security perspective:
Basically, my WiFi router's web interface is very insecure. I think it should use a better approach; this is the worst possible one.
I know about JWT; this is PWT (Plain Web Tokens) 😬
Let's see why...
Snap1: Shows the cookie, with content containing the username and password in Base64
So over here we can see that the Cookie header contains an HTTP header (Authorization) in the form of a cookie name and value, and the value contains the username and password that I just entered.
Base64!!! Hmmm Nice
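Base64 is an encoding, not encryption, so a check for this pattern needs no key. The following is an added example, not code from the original post: a small audit helper that flags any cookie whose value decodes to `username:password`. The exact cookie layout (a `Basic ` prefix, URL-encoding) and the sample header are assumptions constructed for illustration.

```python
import base64
import binascii
from urllib.parse import unquote

# Constructed sample Cookie header (not captured from a real device).
# The Authorization cookie carries Base64("admin:hunter2").
SAMPLE_COOKIE = "Authorization=Basic%20YWRtaW46aHVudGVyMg%3D%3D; lang=en; sid=8f3a"


def find_credential_cookies(cookie_header):
    """Return (cookie_name, username, password) for every cookie whose value
    is Base64 of "username:password", with an optional "Basic " prefix."""
    findings = []
    for pair in cookie_header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not sep:
            continue  # attribute without a value
        value = unquote(value).strip().strip('"')
        if value[:6].lower() == "basic ":
            value = value[6:].strip()
        # Some implementations drop the trailing "=" padding; restore it.
        padded = value + "=" * (-len(value) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue  # not Base64, or not text: ordinary opaque cookie
        user, colon, password = text.partition(":")
        if colon and user and text.isprintable():
            findings.append((name, user, password))
    return findings


if __name__ == "__main__":
    for name, user, password in find_credential_cookies(SAMPLE_COOKIE):
        # Report the finding without echoing the secret itself.
        print(f"cookie {name!r} exposes credentials for user {user!r} "
              f"(password length {len(password)})")
```

Because the cookie is resent with every request, the credentials are exposed on each page load of the interface, not only at login.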
If I think from the router's actual work:
Then in that case it has nothing to do with the web interface.
The web interface is for us to manage a few things, and it is mostly used on the internal network.
Behind the Scenes (My Mind Conversation & Thoughts)
But someone who is part of the network but does not have access can SNIFF the traffic and capture these details.
But this is totally contradictory, since he could have SNIFFED the initial login traffic and received the details anyway, and also the web interface is usually served over plain HTTP.