ASUS RT-AC68U Firmware 3.0.0.4.378.6152

[pege63]

Please note] This version changed the login authentication method.
Wath that means how is the login now then?

Please unplug the hard drive before updating firmware.
Are they refer to the HDD that is plugged in the USB ports?

 

[IAAI]

Please note] This version changed the login authentication method.
Wath that means how is the login now then?

Please unplug the hard drive before updating firmware.
Are they refer to the HDD that is plugged in the USB ports?

Yes

-------------------
Please allow me to complete your post

ASUS RT-AC68U Firmware 3.0.0.4.378.6152
- Release note -

[Please note] This version changed the login authentication method. Please unplug the hard drive before updating firmware. After firmware updated, please press the reset button more than five seconds to reset the router to avoid some compatibility issues.


Security fixes
- Enhanced the login authentication strength and fixed CSRF related issues.
- Forced administrator to change the default password "admin" in internet setup wizard.
- Added protection mechanism for GUI login brute-force attack for login username and password.
- Administrator can assign a specified IP to login GUI in Administration > System > "Allow only specified IP.


New feature
- Added client list view button on network map and help administrator easily monitor all client connection status.


Bug fixes
- Fixed the NAT loopback issue when connecting to LAN FTP server.
- Fixed UI issue when using SmartSync to sync with Dropbox.
- Fixed lease time and lease expires time
- Fixed ethernet connection fail in IPv6 when WAN hwaddr is cloned.
- Fixed smart sync error when synchronised with Samba and FTP
- Fixed JS error in AiProtection
- Fixed allowed and blocked incoming icmp firewall rules.
- Fixed dnsmasq buffer overflow issue.
- Fixed redirect issue when using https only.
- Fixed USB related issues when connected to USB hub.


3G/LTE dongle related fixes
- Fixed executed time issue when using auto-APN.
- Modified auto-APN nvram.
- Fixed lockpin function.
- Fixed send_sms function.
- Updated the SPN data from Android.
- Fixed web redirected fail after setting PPPoE in internet setup wizard.


Modifications
- Updated Adaptive QoS DPI engine.
- Reduced media server memory usage when scanning *.avi, *.mov, *.mp4, *.m4a, *.3gp, *.3g2, *.mj2.
- refined AiProtection alert mail format.
File Size     31.2 MBytes update 2015/06/03

http://dlcdnet.asus.com/pub/ASUS/wi...86152.zip?_ga=1.11594355.614295311.1433403296

 

[pege63]

They changed the login authentication method, wath that mean? Same as before or wath?

 

[IAAI]

They changed the login authentication method, wath that mean? Same as before or wath?

didn't try it yet , I will confirm as soon as i update it tomorrow
but to me it sounds like they will no longer accept admin/admin login and password for the router .I think you will need to change the password

 

[Deleted member 22229]

didn't try it yet , I will confirm as soon as i update it tomorrow
but to me it sounds like they will no longer accept admin/admin login and password for the router .I think you will need to change the password

Yes I believe what Asus has done is basically to force the user to change the default admin/admin to something different.

 

[RMerlin]

Instead of relying on http Basic Authentication, they use their own, token-based scheme now, with their own login page.

 

[pege63]

But after update i still can use my last login name and password as usual, yes?

 

[fax]

Yes, you can... and after the reset re-state the password as you wish.

 

[IAAI]

I just hate the new login method , browsers can't remember login name & password Firefox + Chrome (They will remember it , but you can't use it )

 

[Deleted member 22229]

Wow i have not used any new Asus code for awhile. This reminds me of the Linksys cloud log in. Is Asus using a cloud service now for router access ??

 

[RMerlin]

Wow i have not used any new Asus code for awhile. This reminds me of the Linksys cloud log in. Is Asus using a cloud service now for router access ??

No, they just went with their own system, combined with a token authentication system, which will protect the router against a wide range of potential cross-site vulnerabilities. A few other firmwares (like DD-WRT I think) also switched to token-based authentication a while ago.

It's all entirely handled by the router.

Such methods are quite common with other devices BTW. This Asus router was the only connected device I have here that still used HTTP Basic Authentication. My Cisco ATA also uses a web form, same with all the QNAP NAS I install for my customers.

Lastpass and similar applications should be able to remember your login.

 

[IAAI]

using lastpass makes no sense , can't risk saving all my passwords at one place (cloud)!

 

[Gitsum]

Does the "TrafficAnalyzer" work with this release??

 

[RMerlin]

using lastpass makes no sense , can't risk saving all my passwords at one place (cloud)!

Or Roboform, or whatever other auto-form fill tool you wish to use.

As I said, the use of HTTP basic authentication is becoming quite uncommon in the embedded device market. Asus isn't doing anything different there by also ditching that method.

 

[IAAI]

Or Roboform, or whatever other auto-form fill tool you wish to use.

As I said, the use of HTTP basic authentication is becoming quite uncommon in the embedded device market. Asus isn't doing anything different there by also ditching that method.

Does this mean we are going to see this method with build 54 ?

 

[chaitu87]

Well the QOS app is basically useless with this release, you can't drag and drop priorities anymore. Tried it with Chrome, IE and Firefox...

 

[RMerlin]

Does this mean we are going to see this method with build 54 ?

Probably not 54, but future builds will once the newer code is merged in.

 

[L&LD]

Probably not 54, but future builds will once the newer code is merged in.

When that happens, does that open the possibility to have the Tools page again with direct access to the router built in?

 

[RMerlin]

When that happens, does that open the possibility to have the Tools page again with direct access to the router built in?

If you are referring to the Run Command page, this is not coming back anytime soon. This was a major security liability.

It takes less time to connect through SSH than it takes to login to the webui, click on two different links to reach the Run Cmd page, and run the command.

 

[RMerlin]

One thing I changed is I put that new login page on a diet. Asus's page is so large that it doesn't even fit on a typical laptop with 1366x768 (I didn't even bother trying on a tablet). I removed 2/3 of the wasted space at the top, and shrunk everything on the page by 25%. It's still touch-friendly, without looking completely overblown on a computer monitor.