× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
× Introducing the new Orbi 770 Series Mesh System. To learn more click here.
Orbi WiFi 7 RBE973
Reply

Bug Report: EX2700 fails to validate login email correctly

wiquya
Follower

Bug Report: EX2700 fails to validate login email correctly

The JS that handles validation of the email address you enter on the login page for the EX2700|N300 is testing the email address string against the password regex. Due to the password length cap of 32 chars (imposed by the password regex), this means no email address over 32 chars can be used to sign in; instead an error message will just report 'Invalid username'. As the setup page doesn't suffer from the same bug, users can enter and save an email address which exceeds the password length cap yet will be unable to sign-in with it.

 

The bug can be found on line 87 of the `login.js` script at this relative URI: js/login.js

 

It currently is:

 

$('#loginBt').click(function() {
    $('.errorMsg').remove();
    if ( !$.REG_PASSWORD.test($('#userId').val()) ) {
        $.addErrMsgAfter('userId', invalid_username);
    }
...

 

It should be:

 

$('#loginBt').click(function() {
    $('.errorMsg').remove();
    if ( !$.REG_EMAIL.test($('#userId').val()) ) {
        $.addErrMsgAfter('userId', invalid_username);
    }
...

 

This will validate the email string against the regex you provide on line 21 of `js/init.js` for matching email addresses rather than the one on line 22 for validating passwords with a max length of 32 chars.

 

P.S. While you're at it, you should change the HTML placeholder for the email field to 'Email' rather than 'Username' for the sake of clarity.

Model: EX2700|N300 WiFi Range Extender
Message 1 of 2
schumaku
Guru

Re: Bug Report: EX2700 fails to validate login email correctly

Interesting discovery.

 

Peked and poked on the asumingly "similar" EX3700_EX3800 V1.0.0.58_1.0.38 (the curent firmware released some two months after the EX2700 V1.0.1.10) - it does not have an checks in the UI for the input length, neither on the login nor on the password change for the username (requiring an email address). Tastes like this code was added as part of what the EX2700 Firmware Version 1.0.1.10 release does show as new feature - Increased Login security.

 

@DarrenM please investigate - both the issue listed by the OP as well as he absence of input lenth checks on the EX3700/3800 for example? Thank you!

 

-Kurt

 

 

 

Message 2 of 2
Discussion stats
  • 1 reply
  • 2463 views
  • 2 kudos
  • 2 in conversation
Announcements

Orbi 770 Series