Category: Advisories

  • Advisory: HTTPS Walled Garden URLs for Payment Gateways

    Updated: 23 July 2020 We have added the walled garden HTTPS domains feature as the recommended approach to allow downstream devices to access the payment gateways before login. In doing so, we are effectively decommissioning the IP Address-based walled garden configuration. As such, it is advised to add the relevant HTTPS domains to the walled […]

  • Advisory: Instagram Deprecated Portal Login

    Instagram has disabled Instagram Legacy API permission (“Basic Permission”) for third party apps on June 29, 2020. With this change, ANTlabs’ Instagram direct login will not work anymore.  To ensure fewer disruptions and smoother flow, we recommend admins to remove this authentication method and use Facebook Login instead. Source: https://www.instagram.com/developer/

  • Advisory: WeChat Depecrated Portal Login

    WeChat has disabled portal login function for their WiFi on 19 Aug 2019, due to tightened security restrictions of IOS 13 and Andriod Q. With this change, ANTlabs’ WeChat direct login will not work anymore.  Our Engineering Team is still analyzing whether there is a replacement for this.  This advisory shall be updated as soon […]

  • Advisory: Slow Captive Portals on iOS

    Publication Date: 7 July 2019Last Updated: 27 August 2019 It has come to our attention that some users have been experiencing a delay in loading captive portals on Apple devices. The said delay sometimes takes up to a minute. This behavior has been observed on devices that are on iOS 12. It was also observed […]

  • Advisory: Google+ API Deprecation and Replacement

    On March 7, 2019, Google shut down legacy Google+ APIs. ANTlabs has used Google+ sign-in across its product families and we have migrated since then to Google sign-in. Some products may still carry the Google+ logo in login portals and admin user interfaces but rest assured, all ANTlabs products have already replaced it with Google […]

  • Advisory: Root privilege escalation from authenticated local console account vulnerability

    Publication Date: 1 Sep 2018 Last Updated: 5 Sep 2018 Description We are aware of a security vulnerability where a local console account user can perform root privileged escalation. Impact This is a medium-severity security vulnerability as a local authenticated non-privileged console user can gain root privilege access to the gateway. If remote shell access […]

  • Advisory: Captive Portal Redirection for HTTPS Websites

    What to do when users get browser and smartphone security warnings when connecting to your network ANTlabs gateways have a unique feature that can redirect HTTPS web requests to the captive portal or landing page. This feature was very useful earlier in comparison to other competitors that can only redirect HTTP web requests, thus enhancing […]

  • Advisory: Intel Spectre and Meltdown

    Publication Date: 10th Jan 2018 Last Updated: 19th Jan 2018 Version 1.04: Interim Description On 3rd January 2018, 3 vulnerabilities were disclosed for Intel microprocessors that could allow an attacker that has local access to a server to read privileged information belonging to other processes or the operating system by installing and executing a malicious […]

  • Advisory: Fidelio Opera Ignoring DB Sync Request from ANTlabs Gateways

    Publication Date: 17 November 2016 Description There is a PMS default setting on the Fidelio Opera system which specifies that the PMS will ignore DB sync request less than 60s. With this default setting configured, the Opera PMS will ignore all DB sync requests that it receives from our gateway within 60s of establishing connection. This […]

  • Advisory: DROWN Vulnerability (CVE-2016-0800)

    Publication Date: 7 March 2016 Updated: 15 March 2016 Description A vulnerability that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. The Traffic between clients and non-vulnerable servers can be decrypted if another server supporting SSLv2 and EXPORT ciphers shares the […]