Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-06-11 00:29:40 - last edited 2019-06-11 00:47:28
Model: EAP225-Outdoor  
Hardware Version: V1
Firmware Version: 1.5.0 Build 20190404 Rel. 58086

EAP225-Outdoor has a serious bug/vulnerability when it's managed by Omada Controller.

 

Vulnerability is striggered by Omada Controller is offline, or when OC200 is offline.

Normally, when both are online, EAP and Omada Controller(PC/OC200), with voucher authentication enabled, users are able to connect to the Wifi Network without a password, from there, a portal is opened, and unless the user enter's a valid Voucher Code, user won't be able to use the internet. User will only be connected to the Wifi Network but can't use the internet.

The problem occurs when Omada Controller is offline.

When a user connects to EAP which is managed by Omada Controller, and the Omanda Controller is offline, of course, portal will not run and doesn't show the user to enter a Voucher Code. It instead show the user this:

 

And checking on "I accept the Terms of Use" then click login, user are then able to get this:
 

 

Portal Login Success!
And is now able to connect to the internet. User doesn't need a valid voucher code to use the internet. And user is connected to the network permanently. 

Now, when I run the controller, or in my case, OC200, it shows that the user is connected to the network as guest (KWL-GL503VD)t:

 

But if I check in Insight > Past Guest Authentication, the device's MAC Address is not there, as it didn't authenticate the normal way, via voucher. No voucher was used to successfully connect to the network. I also checked the "Log", connection/authentication is also not recorded, since user connects to the network, and successfully logged in to the portal while Omada Controller is offline. 


As a temporary solution to avoid this vulnerability, the Omanda Controller (PC/OC200) must be turned ON first, and get connected to the internet (OC200) before turning on the EAP. Though, it takes time for the Omada Controller to sync with EAP, it's still much better than turning them ON at the same time, making the EAP vulnerable for a about 2 minutes, before OC200 gets connected to the internet and synced with EAP.

Still, this should be fixed ASAP. When an EAP is managed by Omada Controller, this login screen 

should not be displayed, when the Omada Controller is not detected. Through this, other users will be able to use your network and connect to the internet without the controller's portal.

Update:
I tried to Unautorize the device, but it can't be unauthorized as it gives an error: Authorization iniformation does not exist. So this device is now permanently connected to the network and can't be unauthorized.

  0      
  0      
#1
Options
30 Reply
Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-06-11 02:33:34 - last edited 2019-06-11 06:03:41

Hi,

 

Thanks for your feedback, we had a test in our lab and we reproduced the problem.

 

We will fix the it in the later version of Controller.

  2  
  2  
#2
Options
Re:Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-06-11 06:09:12

forrest wrote

Hi,

 

Thanks for your feedback, we will have a test in our lab.

I hope you can replicate the problem and issue a patch for it. There are others in our Wifi Group in Facebook, tried it in their system and did get the same results. They, too are hoping that this will be patched, after telling them that I already reported it here.

I think this only happen on latest firmware version. As I haven't experience this before when I bought my EAP. User doesn't get Login Portal Success when Omada controller is offline, it just loop on the Terms of Service/Login screen, until Omada Controller gets online again.

  0  
  0  
#3
Options
Re:Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-06-22 03:55:29

forrest wrote

Hi,

 

Thanks for your feedback, we had a test in our lab and we reproduced the problem.

 

We will fix the it in the later version of Controller.

 

Later version of Controller, OC200? Or latest firmware of EAP225-Outdoor. 
Others seems to fix the bug by downgrading EAP225-Outdoor firmware from 1.5.0 to 1.4.0.

  0  
  0  
#4
Options
Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-06-26 21:50:29 - last edited 2019-06-26 21:56:54

Problem fixed.

 

I downgraded my EAP255-Outdoor firmware from 1.5.0 to 1.4.1 and the bug is fixed.
And existing logged-in voucher users can continue using their alloted time even when controller is offline, this is not possible on firmware 1.5.0.

  0  
  0  
#5
Options
Re:Re:Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-08-24 03:17:23

Hello sir, how can i do this downgrade thing? I can't see any toturial or any instruction on how to do it :( 

  0  
  0  
#6
Options
Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-08-24 20:18:15

downgrading the firmware doesnt help at all.. i can still log in without the omada controller..  even my settings is in voucher.. 

hope they can fix this problem asap. 

  0  
  0  
#7
Options
Re:Re:Re:Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-08-27 13:54:13
  0  
  0  
#9
Options
Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-09-24 13:22:49

@Co0LD0wN 

Co0LD0wN wrote

downgrading the firmware doesnt help at all.. i can still log in without the omada controller..  even my settings is in voucher.. 

hope they can fix this problem asap. 

Even if you downgrade EAP to 1.4.1, and you use the latest version of Omada Controller, you'll still experience this bug (based on the report by @theGamer )

What works for me is EAP firmware 1.4.1 and Controller version 3.1.13 (higher than this, you will experience the same bug, even when paired with EAP firmware 1.4.1).

  0  
  0  
#10
Options
Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-10-05 15:27:58

@hashrack 

 

hi there's a new firmware for our device the 1.6.0 Build 20190722 Rel. 63596,.. do you think this one solve the issue on the last firmware? or should i stay on 1.4.1 Build 20181107 Rel. 35628 firmware?

  0  
  0  
#11
Options
Re:Bug/Vulnerability on EAP225-Outdoor + Omada Controller + Voucher Authentication
2019-10-07 23:32:43

@Co0LD0wN 

 

We have fixed the bug on the latest firmware and we have noted this on the release note. Please upgrade the firmware to the latest version. 

  1  
  1  
#12
Options