Here is the thing, on an ZD3050 with firmware 220.127.116.11 build 15 I have a couples of guest SSID's (say SSID1, SSID2 en SSID3); when we issue a new guest pass for SSID1 a visitor can use it to get internet access - everything works fine so far BUT the moment the visitor type the guest pass into the browser and click on "log in" a new page is generated which says "Authenticated" and a button "Continue" appears which needs to be pushed in order to browse further...But before clicking the "Continue" button one can copy the link generated in the browser and paste it in a .txt file for instance and use it on every computer, tablet, phone and for every SSID without the need to generate another guest pass!!!!! This is a major security breach which affects us all, I don't know how to prevent it, any thought?
I filed ER-2044 for possible guest access cookie vulnerabilities found in 9.8 code, and Ruckus engineering has resolved and incorporated a fix into current 9.10 GA release, with a flag used to prevent copying the URL/cookie info to another session. Thanks for your heads-up on the issue you found, and good news is we saw and fixed it too.
Hi Michael, thanks for your reply BUT I am afraid this is not a viable option for us...we have
a Ruckus network of 248 AP's of which 159 ZF7962 !!!! If I upgrade the firmware
I will lose connectivity to all these
AP's which for us is really unacceptable, is there anything else we can do?