Free Radius addon for ARM - security problems
2014-07-24
10:27 PM
The Free Radius app can be accessed by typing the following URL on the LAN. No authentication required to add/delete users. No security whatsoever.
https://IP of your NAS/apps/radius-app/users.php
Why doesn't this app adhere to the user security built into the OS? Allow me to assign who can manage.... Something!
Message 1 of 7
2014-08-11
11:05 PM
Re: Free Radius addon for ARM - security problems
No response? Can someone fix the Radius app to require a NAS admin login to change settings? Or apply an app-level admin username/password?
The current method is poor security.
Message 2 of 7
2014-08-11
11:12 PM
Re: Free Radius addon for ARM - security problems
NTGR should be doing more in-depth qualification of addons. Right now it seems like a flashmob of approvals/additions to try and catch up to Synology's offerings, without doing sanity checks like this. Stuff under /apps/ should get an umbrella auth system too from the OS.
Message 3 of 7
2014-08-11
11:13 PM
Re: Free Radius addon for ARM - security problems
App updates are up to the developer. There are other issues reported with this app and it hasn't been updated in some time.
Message 4 of 7
2014-08-12
07:38 PM
Re: Free Radius addon for ARM - security problems
mdgm wrote: App updates are up to the developer. There are other issues reported with this app and it hasn't been updated in some time.
Netgear is giving too much freedom if they are allowing plugin apps to be accessible without reasonable security checks. A recipe for disaster.
I checked Synology and they do not allow access to their Radius app from users other than admins or those with permission.
Simple, fix it Netgear!
Message 5 of 7
2014-08-13
03:37 AM
Re: Free Radius addon for ARM - security problems
The only fix Netgear can make is to remove the app - which of course is sometimes the right solution.
claykin wrote: Simple, fix it Netgear!
I agree with Chirpa that the up-front qualification should find stuff like this.
Message 6 of 7
2014-08-13
05:32 AM
Re: Free Radius addon for ARM - security problems
If you have SSH access you should be able to add a .htaccess file to add some security.
Message 7 of 7
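
The .htaccess approach suggested in the last reply, as an added example that is not part of the original thread and not Netgear's or the app developer's code. It assumes the NAS web server is Apache with mod_auth_basic and mod_authn_file loaded and that `AllowOverride` permits `AuthConfig` for the app directory; all paths, the realm and the user name are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: put HTTP Basic authentication in front of the RADIUS app's
# admin pages (users.php included) with a per-directory .htaccess file.

# write_htaccess APP_DIR PASSWD_FILE
#   APP_DIR     directory Apache serves as /apps/radius-app (placeholder:
#               locate the real directory on your NAS over SSH)
#   PASSWD_FILE htpasswd file, kept outside any web-served directory
write_htaccess() {
    app_dir=$1
    passwd_file=$2
    [ -d "$app_dir" ] || { echo "no such directory: $app_dir" >&2; return 1; }
    cat > "$app_dir/.htaccess" <<EOF
AuthType Basic
AuthName "RADIUS admin"
AuthUserFile "$passwd_file"
Require valid-user
EOF
    # Apache must be able to read the file; nobody but root needs to write it.
    chmod 644 "$app_dir/.htaccess"
}

# is_protected URL
#   Apache silently ignores .htaccess when AllowOverride does not permit
#   AuthConfig, so confirm the result: a request without credentials must
#   now be answered with 401. -k accepts the NAS's self-signed certificate.
is_protected() {
    code=$(curl -k -s -o /dev/null -w '%{http_code}' "$1")
    [ "$code" = "401" ]
}

# Typical use over SSH (all values are placeholders):
#   htpasswd -c /path/outside/webroot/radius.htpasswd radiusadmin
#   write_htaccess /path/to/radius-app /path/outside/webroot/radius.htpasswd
#   is_protected "https://NAS_IP/apps/radius-app/users.php" && echo protected
```

If `is_protected` fails after the file is in place, the override is not being honoured and the page is still open to the LAN; an app update may also overwrite or remove the file, so repeat the check afterwards.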