Nice one Belkin

I needed to log on to my flat's DSL router admin interface this evening to check some settings, but unfortunately had forgotten the password. After trying the usual suspects (blank, 'password', 'secret') with no luck, I noticed that every time I hit the submit button, the interface didn't actually seem to connecting to the server. What were the chances the Belkin developers had implemented the password check as an async javascript invocation? Not bloody likely.

So I thought I'd do a quick view source:

pwdAdmin = 'mysecurepassword';
pwdSupport = '';
pwdUser = '10';

function frmSubmit()
{
with ( document.forms[0] )
{
var returnval;

if(pass.value == pwdAdmin){
pass.disabled=true;
usrUserName.value = 'pass';
LogDiv.innerHTML = "";
returnval = true;
}
else
{
usrUserName.value = 'fail';
LogDiv.innerHTML = "Login Failed: Error Password !";
returnval = false;
}
}

return returnval;
}


I'll try not to pass judgement and just have a little giggle to myself instead.