Telkom Modem passwords

H

hartz

Active Member
Joined
Mar 29, 2006
Messages
68
Reaction score
0
I habitually save a copy of my modem configuration once my internet setup is working - just in case I need it later. Today I used the backup I made to restore settings at my wife's business after the modem settings got reset to factory defaults.

This config backup file stores a lot of settings, some of which you may not be able to change through the modem configuration interface! When I searched through the file for a password I noticed there are quite a few different passwords stored in the file. Some of these are quite concerning!
Code: 
    <X_BROADCOM_COM_LoginCfg>
      <AdminPassword>bVk##################</AdminPassword>
      <SupportPassword>bVk##################</SupportPassword>
    </X_BROADCOM_COM_LoginCfg>
    <X_BROADCOM_COM_AppCfg>
      <Tr69cCfg>
        <ConnectionRequestAuthentication>FALSE</ConnectionRequestAuthentication>
      </Tr69cCfg>

Is this perhaps a hashed version of the admin password? I dont see the admin password in the file, so I imagine it is. But why are there two, the second one called SupportPassword? Or is this some completely different password, and should I be changing these?

Elsewhere in the same file
Code: 
    <ManagementServer>
      <URL>http://tsm.telkomadsl.co.za:1111/ACS-INTF</URL>
      <LastConnectedURL>http://tsm.telkomadsl.co.za:1111/ACS-INTF</LastConnectedURL>
      <Username>ACF1########################</Username>
      <Password>h9##########################</Password>
      <PeriodicInformEnable>TRUE</PeriodicInformEnable>
      <PeriodicInformInterval>86400</PeriodicInformInterval>
      <PeriodicInformTime>2011-07-18T00:21:54+00:00</PeriodicInformTime>
      <ConnectionRequestURL notification="2">(null)</ConnectionRequestURL>
      <ConnectionRequestUsername>(null)</ConnectionRequestUsername>
      <ConnectionRequestPassword>(null)</ConnectionRequestPassword>
    </ManagementServer>

Now that I don't like at all....
Telkom is probably spying on me, or giving themselves a back-door into my modem.
 
Hey, it seems to be related to TR069 and is usually used with auto-provisioning. Not to sure if Telkom use it though but it's a great feature were your device will automatically be configured without you having to lift a finger. This also allows the ISP to manage the device, almost all routers these days have this by default but does not necessarily mean that its used.
In fact you would know if it is used as the ISP will promote this as an extra service. Also just note that blank password will also display as ##### or *******.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X