javascript-based password verification

Andrew Pantyukhin infofarmer at FreeBSD.org
Mon May 28 17:18:02 UTC 2007


I find it hard to believe, but natural selection
has apparently not weeded out one of the most
brain-dead web authentication methods yet.

The winner is...

D-Link. Its latest series of cheap VPN routers,
ADSL gateways and access points verify passwords
with JavaScript. The passwords are stored in clear
text. Granted, this only happens when you try to
change the current password, but that doesn't mean it's
not one of the dumbest security breaches.

I have this gaping hole in my DSL-2640, and I'm
sure they won't fix it any time soon...
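
Added example, not part of the original post and not D-Link's firmware code: a constructed sketch of the pattern described above (the current password shipped to the browser so script can compare it) next to a server-side check against a salted scrypt hash. All function names, the form layout, the `/password` path and the minimum length are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Flawed pattern (constructed): the device renders the stored cleartext
// password into the page so that browser script can do the comparison.
function renderFlawedChangeForm(storedCleartext) {
  return `<script>var cur = ${JSON.stringify(storedCleartext)};
function check(f) { return f.old.value === cur; }</script>`;
}

// Hardened pattern: the device keeps only a salted scrypt hash.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// The comparison runs on the server, in constant time.
function verifyPassword(record, candidate) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.hash, 'hex');
  const actual = crypto.scryptSync(String(candidate), salt, expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Change-password handler: the browser submits both values, the server decides.
function changePassword(store, oldPassword, newPassword) {
  if (!verifyPassword(store.admin, oldPassword)) {
    return { status: 403, body: 'current password incorrect' };
  }
  // Minimum length of 8 is an illustrative assumption.
  if (typeof newPassword !== 'string' || newPassword.length < 8) {
    return { status: 400, body: 'new password too short' };
  }
  store.admin = hashPassword(newPassword);
  return { status: 200, body: 'password changed' };
}

// The form served in the hardened design carries no secret at all.
function renderHardenedChangeForm() {
  return '<form method="post" action="/password">' +
    '<input type="password" name="old"><input type="password" name="new">' +
    '<button>Change</button></form>';
}
```

Anyone who can load the flawed page can read the password from its source, while the hardened form and the stored record contain nothing that reveals it.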

