Update content published on 28-02-2025


Security Update – Coslat Firewall Captive Portal Rate-Limit Vulnerability Mitigated


Release Date: February 28, 2025

Affected Product: Coslat Firewall

Affected Module: Captive Portal Login – Rate Limit / Throttling

Fixed in Version: 6.0.0.r.20250228.1514

Severity: Medium – High


Summary


During security analysis performed on the Captive Portal component, it was identified that there was no rate-limit mechanism to restrict user login attempts.

This vulnerability allowed malicious users to make repeated login attempts in a very short period, facilitating brute-force attacks and negatively impacting system performance.

The issue has been fully resolved in version 6.0.0.r.20250228.1514. We strongly recommend that all users apply this update.


Vulnerability Details


Vulnerability Code: COS-FW-2025-2802

Vulnerability Type: Captive Portal Rate Limit Bypass / Missing Rate-Limit

Affected Area: Captive Portal – User Login

Tests conducted on the Captive Portal revealed that no rate-limiting was applied to user login requests. This allowed attackers to perform thousands of login attempts in a short time, either with the same or different usernames.

This flaw could enable brute-force attempts by malicious or unauthorized users within the network and could lead to excessive consumption of system resources.


Affected Versions


Product: Coslat Firewall

Version: 6.0.0.r.2025-

Status: Affected

Product: Coslat Firewall

Version: 6.0.0.r.20250228.1514

Status: Secure version (Rate-limit support added)


Resolution: Fixes Made in Version 6.0.0.r.20250228.1514


Added IP-based and user-based rate-limiting to the Captive Portal.

Implemented per-IP login attempt limits per minute.

Added a limit for consecutive failed attempts for the same username.

Automatic temporary blocking is applied when limits are exceeded.
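The three controls listed above (a per-IP attempts-per-minute limit, a consecutive-failure limit per username, and automatic temporary blocking once either limit is exceeded) can be combined in one small login guard. The following is an added illustration written for this advisory, not Coslat's own code; the thresholds and block duration are constructed values, since the advisory does not publish the product's actual limits.

```python
import time
from collections import defaultdict, deque

# Constructed thresholds for illustration only (not Coslat's real settings).
IP_ATTEMPTS_PER_MINUTE = 10
MAX_CONSECUTIVE_FAILURES = 5
BLOCK_SECONDS = 300


class CaptivePortalRateLimiter:
    """Per-IP sliding-window limit plus per-username consecutive-failure limit."""

    def __init__(self, now=time.time):
        self.now = now                          # injectable clock for testing
        self.ip_attempts = defaultdict(deque)   # ip -> timestamps within last 60 s
        self.user_failures = defaultdict(int)   # username -> consecutive failures
        self.blocked_until = {}                 # ("ip", x) or ("user", x) -> unblock time

    def _is_blocked(self, key):
        until = self.blocked_until.get(key)
        if until is None:
            return False
        if self.now() < until:
            return True
        del self.blocked_until[key]             # temporary block has expired
        return False

    def check(self, ip, username):
        """Return True if the login attempt may be processed, False if throttled."""
        t = self.now()
        if self._is_blocked(("ip", ip)) or self._is_blocked(("user", username)):
            return False
        window = self.ip_attempts[ip]
        while window and t - window[0] >= 60:
            window.popleft()                    # drop attempts older than one minute
        window.append(t)
        if len(window) > IP_ATTEMPTS_PER_MINUTE:
            self.blocked_until[("ip", ip)] = t + BLOCK_SECONDS
            return False
        return True

    def record_result(self, username, success):
        """Count consecutive failures per username; block when the limit is reached."""
        if success:
            self.user_failures[username] = 0
            return
        self.user_failures[username] += 1
        if self.user_failures[username] >= MAX_CONSECUTIVE_FAILURES:
            self.blocked_until[("user", username)] = self.now() + BLOCK_SECONDS
            self.user_failures[username] = 0
```

Call `check()` before verifying credentials and `record_result()` afterwards; a blocked client receives a throttled response without the password ever being evaluated.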


Update Instructions


Update 6.0.0.r.20250228.1514 should be applied via the web interface.