Business Community > WiFi > Omada SDN software blocks using < and > in WLAN passphrase to prevent XSS attack, work-around?
< WiFi

Omada SDN software blocks using < and > in WLAN passphrase to prevent XSS attack, work-around?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Omada SDN software blocks using < and > in WLAN passphrase to prevent XSS attack, work-around?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Omada SDN software blocks using < and > in WLAN passphrase to prevent XSS attack, work-around?
Omada SDN software blocks using < and > in WLAN passphrase to prevent XSS attack, work-around?
2023-10-16 16:04:19
Model: EAP225  
Hardware Version: V3
Firmware Version: 5.1.0

I have a site that uses several of the EAP225 in stand alone mode and the existing WPA2 passphrase contains < and >.

 

I'm trying out the Omada SDN controller software and it won't allow the existing passphrases (it calls them security keys) that contain the < and > characters. The error is: Request parameter contains XSS attack.

 

For example something like <bbbbbb> will fail.  I tried escaping them with &lt;bbbbbb&gt; but the Omada doesn't de-escape the string and the passphrase contains the &lt; and &gt; instead of the < or >. 

 

Any suggestions on ways to convince the the Omada software to allow these passphrases?

 

 

  1      
 
  1      
 
#1
Options
4 Reply
Re:Omada SDN software blocks using < and > in WLAN passphrase to prevent XSS attack, work-around?
2023-10-17 02:25:28

  @doublevision I don't know why you insist on using < or > characters, can't you change the password to other supported characters? Not only Omada, many websites, Apps, software platforms, etc., have their own character limit rules, and we can't ask them to meet the special setting needs of each user.

  0  
  0  
#2
Options
Re:Omada SDN software blocks using < and > in WLAN passphrase to prevent XSS attack, work-around?
2023-10-17 07:05:16 - last edited 2023-10-17 07:08:26

  @DIDADI I am currently using Omada software controller v5.12.9, which allows you to set a password with < or >  (WPA mode: WPA2-PSK/AES).If you are not using this version now, you can go to the official website to download and install firmware v5.12.9, or the updated beta firmware v5.13 by accessing Omada SDN Controller_V5.13 Beta (Released on Oct 8th, 2023) - Business Community (tp-link.com).

  0  
  0  
#3
Options
Re:Omada SDN software blocks using < and > in WLAN passphrase to prevent XSS attack, work-around?
2023-10-17 14:18:43 - last edited 2023-10-17 15:57:14

Thank you. That is very helpful. I look forward to seeing this fixed.

 

 I can't find 15.12.9 and 15.13.9 apparently doesn't connect to the cloud. I'm running the software controller which is only up to 15.12.7. The hardware controller is up to 15.12.9.

 

The current version 15.12.7 doesn't block all < or >. For example, it allows <aaaaaa> but blocks <bbbbbb>. I'm sure there is some logic in that...

  1  
  1  
#4
Options
Re:Omada SDN software blocks using < and > in WLAN passphrase to prevent XSS attack, work-around?
2023-10-18 03:12:18

  @doublevision 

 

Hi, maybe it doesn't support in controller mode, suggest you post a feature request with the error message screenshot here.

Just striving to develop myself while helping others.
  0  
  0  
#5
Options

Information

Helpful: 1

Views: 426

Replies: 4

Related Articles
OMADA SDN has IP from LAN but no internet
7440 0
Omada SDN 4.1.5 not able to autobackup
1049 0
 Omada software controller won't update the wlan password on its access point devices
578 0
EAP225 V3 (EU) & Omada Software Controller V4.2.8
1497 0
Omada Software Controller won't show networks
596 0
EAP225(EU) V5 & OMADA software controller 5.7.4
1526 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.