VULNERABILITY OF OMADA

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

VULNERABILITY OF OMADA

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
VULNERABILITY OF OMADA
VULNERABILITY OF OMADA
2022-05-19 23:30:23 - last edited 2022-05-20 00:48:00
Hardware Version: V3
Firmware Version: 5.3

OMADA software has a vulnerability in the HOTSPOT, when the VOUCHER time expires the OMADA system does not block access to social networks, the HOTSPOT client continues to use social networks for free. When the VOUCHER ends, it does not block the client. The client continues to browse freely through social networks. We have to be manually blocking the VOUCHER client. This is a serious problem. This happens with almost all versions of OMADA software. We use OMADA controller version 5.3.1 and windows 8.1

  0      
  0      
#1
Options
1 Reply
Re:VULNERABILITY OF OMADA
2022-05-20 04:04:46 - last edited 2022-05-20 04:09:41

Dear @VULNERABILITY,

 

VULNERABILITY wrote

OMADA software has a vulnerability in the HOTSPOT, when the VOUCHER time expires the OMADA system does not block access to social networks, the HOTSPOT client continues to use social networks for free. When the VOUCHER ends, it does not block the client. The client continues to browse freely through social networks. We have to be manually blocking the VOUCHER client. This is a serious problem. This happens with almost all versions of OMADA software. We use OMADA controller version 5.3.1 and windows 8.1

 

Thank you so much for taking the time to report the issue to our community!

 

If you are referring to the issue that the hotspot portal on Omada Controller (v5.1 and earlier) calculates the expiration time with every new login, which results in that disconnecting the device or log-on with another device will extend the expiration time automatically, then creating new vouchers with "Voucher Duration" on the Controller v5.3.1 should be able to fix it.

 

Controller v5.3.1 has added "Duration Type" options for vouchers, with "Voucher Duration" and "Client Duration" optional. For "Client Duration", each new connected client using the same voucher code to get authenticated can have Internet access for a same duration time. While for "Voucher Duration", once the first client has used the voucher code to get authenticated, the duration countdown begins and the voucher code will be expired after the duration time is up no mater how late other clients get authenticated.

 

If you are talking about a different issue, could you please provide as much detail as possible so that we can try to help?

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options