Micheal2222 Posted February 4, 2021

I've noticed that in every configuration my WiFi Pineapple Mark VII always has an Open SSID that is never disabled! Even if I click the button "Hide Open AP" it won't disappear. I think it is a bad bug; please can you tell me how I can solve it? I have the latest firmware, and the Open SSID is shown even if I do the setup via Ethernet! Very bad misconfiguration, I hope that it will be fixed soon.

Michael

cidies Posted March 27, 2021

What's the challenge in responding to such a vulnerability note? The 1st time I saw such a note was in November. Finally that is what it is: an attack vector. Whoever connects to the Open AP - and everyone can do that - is able to attack the Pineapple. How can I stop providing - hiding isn't enough - this password-less access point? Until clarification I can't recommend anyone to use the device. A shell command would be helpful.

Best Regards
Chris

cidies Posted March 27, 2021

Here is my quick and dirty workaround for the Open AP challenge. I edited /etc/config/wireless to hide or disable the Open Access Point. But I'm afraid that it will be overwritten at the next opportunity. Hints would be helpful. The arrows show the new lines:

   config wifi-iface
       option device 'radio0'
       option network 'lan'
       option mode 'ap'
->     option encryption 'psk2+ccmp'
->     option key 'topsecretwpakeypw'
       option maxassoc '100'
->     option disabled '1'
       option encryption 'none'
       option ssid 'OpenForEveryone'
       option hidden '1'

Now it's not visible any more. But am I on the right track?

Chris

PrivacyAddress Posted December 5, 2021

This is a security flaw that needs to be addressed. It's as simple as a firmware update. I don't know how a company expects to be taken seriously about security when they leave such matters unaddressed, especially when the issue is posted in their own forum. Can confirm, still no disable option for the Open network, only the option to hide. I will ssh into my Pineapple today and see if there is an xml file that can be edited to copy the option from the private network, and modify whatever command it is sending to the shell to be used for the public one, as this seems like the most likely solution. If I manage to do so, I'll share here. Hak5, I love y'all, but ignoring your own forum that customers use for support doesn't bode well.

PrivacyAddress Posted December 5, 2021

Also can't edit my previous post.

Foxtrot Posted December 5, 2021

6 hours ago, PrivacyAddress said: This is a security flaw that needs to be addressed.

No, it isn't. The hidden checkbox does, in fact, work correctly. The beacons that get sent from the device are in fact hidden. If it wasn't, it would be a bug in OpenWRT or HostAPd. I encourage you to check the beacons yourself with a packet capture and Wireshark. You will see that the SSID is hidden (technically set to empty with a length of 0, as per the WiFi spec). Here is the relevant section of a beacon broadcast for the Open AP while set to hidden on one of my Mark VIIs, running firmware 1.1.1.

6 hours ago, PrivacyAddress said: Hak5, I love y'all, but ignoring your own forum that customers use for support, doesn't bode well.

Customers aren't ignored, and this forum isn't a support portal. Support can be obtained via the Submit a Request page. Not to mention that this question has already been asked and answered on the forums before.

6 hours ago, PrivacyAddress said: Also can't edit my previous post.

Because your account is new (under 6 posts, I believe). This is a restriction applied to every new account, to mitigate spam and scam attempts that we often see.

Foxtrot Posted December 5, 2021

On 3/27/2021 at 5:00 PM, cidies said:

   config wifi-iface
       option device 'radio0'
       option network 'lan'
       option mode 'ap'
->     option encryption 'psk2+ccmp'
->     option key 'topsecretwpakeypw'
       option maxassoc '100'
->     option disabled '1'
       option encryption 'none'
       option ssid 'OpenForEveryone'
       option hidden '1'

   No it's not more visible. But am I on the right ways? Chris

Setting the "disabled" option to "1" is enough to stop the interface from coming back up; you don't need to specify the encryption and key.

It is important for me to note that we don't have a checkbox to disable the Open AP (like we do for the Management and WPA APs), because of two main reasons:

1) Users can get confused, because it is a common expectation for the Open AP to function all the time as part of a Rogue AP suite.
2) Disabling the AP like you have done may lead to some instability or features not working correctly, which would then lead to user frustration.

We will explore the addition of a "Disable Open AP" checkbox in the future.

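Added example, not part of the thread and not Hak5's code: a POSIX shell check that lists every wifi-iface section of an OpenWrt-style /etc/config/wireless that is an AP without encryption and without option disabled '1', so the edit discussed above can be re-checked after a reboot or firmware update. The function names and the sample config are constructed for illustration, and the file is assumed to use stock UCI syntax; disable_open_aps relies on the standard OpenWrt uci and wifi commands.

```shell
# Added example (not from the thread): audit a UCI wireless config for open APs.
# Prints the index N (as in uci's wireless.@wifi-iface[N]) of every wifi-iface
# section that is an AP, has encryption 'none' or unset, and is not disabled.
open_ap_indexes() {
    awk -v q="'" '
        function report() {
            if (insec && mode == "ap" && (enc == "" || enc == "none") && dis != "1")
                print idx
        }
        $1 == "config" {
            report(); insec = 0
            if ($2 == "wifi-iface") { insec = 1; idx = n++; mode = enc = dis = "" }
            next
        }
        insec && $1 == "option" {
            val = $3; gsub(q, "", val)               # strip the single quotes
            if ($2 == "mode") mode = val
            else if ($2 == "encryption") enc = val   # keep the last value seen
            else if ($2 == "disabled") dis = val
        }
        END { report() }
    ' "$@"
}

# On the device: set disabled=1 on each section found, then reload wifi.
disable_open_aps() {
    command -v uci >/dev/null 2>&1 || { echo "uci not found" >&2; return 1; }
    for i in $(open_ap_indexes /etc/config/wireless); do
        uci set "wireless.@wifi-iface[$i].disabled=1"
    done
    uci commit wireless && wifi reload
}

# Constructed sample config; $1 is the value of the open AP's "disabled" option.
sample_config() {
    cat <<EOF
config wifi-device 'radio0'
config wifi-iface
    option mode 'ap'
    option ssid 'Management'
    option encryption 'psk2+ccmp'
config wifi-iface
    option mode 'ap'
    option disabled '$1'
    option encryption 'none'
    option ssid 'OpenForEveryone'
EOF
}

sample_config 0 | open_ap_indexes    # prints 1: the open AP is still enabled
```

Running open_ap_indexes /etc/config/wireless after each boot and getting no output means no enabled open AP is configured; any index printed means the setting has been reset.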
PrivacyAddress Posted December 6, 2021

6 hours ago, Foxtrot said: No, it isn't.

Yeah, because you were finally addressing it. Let me explain something you are negating. Not everyone has the extra $100 to throw around, and when they do, they pick where they spend it. Talking to people in that way will only drive away business like a bad Yelp review; keep it up. As for the flaw, I disagree. Not being able to disable the card completely, and have more control, leaves room for error. You aren't the last as all be all, and you should learn how to talk to people. People vote with their dollar, and this isn't the first thread I've seen like this. This question is 8 months old, and mentions another question from "Nov"; that's over a year this question has been unaddressed, and now that someone calls you out on it, you want to get defensive. Won't see me again, don't worry.

dark_pyrro Posted December 6, 2021

lol..

Foxtrot Posted December 6, 2021

9 hours ago, PrivacyAddress said: As for the flaw, I disagree. Not being able to disable the card complete, and have more control, leaves room for error. You aren't the last as all be all, and you should learn how to talk to people. People vote with their dollar, and this isn't the first thread I've seen like this. This question is 8 months old, and mentions another question from "Nov", that's over a year this question has been unaddressed, and now that someone calls you out on it, you want to get defensive.

I'm not being defensive... I'm just stating that it's not a bug. You do have control over the card; nothing stops you from editing the configuration file, like cidies did. We just don't expose it in the UI for the reasons I mentioned.

swifttrill Posted December 12, 2021

On 12/5/2021 at 2:20 PM, Foxtrot said: Setting the "disabled" option to "1" is enough to stop the interface from coming back up, you don't need to specify the encryption and key. It is important for me to note that we don't have a checkbox to disable the Open AP (like we do for the Management and WPA APs), because of two main reasons: 1) Users can get confused, because it is a common expectation for the Open AP to function all the time as part of a Rogue AP suite. 2) Disabling the AP like you have done may lead to some instability or features not working correctly, which would then lead to user frustration. We will explore the addition of a "Disable Open AP" checkbox in the future.

Any ideas on how to set the Open AP and Management AP MAC addresses for a permanent change?

swifttrill Posted December 12, 2021

The /etc/config/wireless file auto-resets itself after boot up.

Foxtrot Posted December 13, 2021

That's unrelated to this topic. Please make a new thread.

Archived
This topic is now archived and is closed to further replies.