Project

General

Profile

Actions

Bug #10881

closed

Captive Portal with AD authentication can be bypassed with just a valid username, no password required

Added by Aurelian Rau about 4 years ago. Updated about 4 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
-
Start date:
09/09/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5-p1
Affected Architecture:

Description

We have observed that we can login to the Captive Portal with a valid username and no password (we have it set up to authenticate against an Active Directory). Writing random characters in the user field does not work, you need to know an actual user from the Active Directory. The same, if you write a valid user but an invalid password, it does not work. The big problem is that if you leave the password field empty, all you need is a username and you can bypass the Captive Portal.

We are using:
2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE

Please let me know what other information is needed to troubleshoot this security issue (sorry, this is my first bug here).

Actions

Also available in: Atom PDF