Radius logic does not check user subscription when connecting from Federez Wifi
The auth.py script does not check the user's subscription when the request is proxied. That means any request forwarded from another RADIUS server will be accepted.
As a result, someone can freely create an account on re2o without paying anything, and be granted access to the Federez Wifi from another network emitting it.
Examples:
- A Federez re2o account allows someone to freely connect to any Federez Wifi
- A RM -RF re2o account (whatever its state is) allows someone to freely connect to any Federez Wifi except the one hosted by RM -RF
The offending piece of code (auth.py):
```python
# If proxified request
if not nas_type:
    logger.info("Proxified request, nas unknown")
    return radiusd.RLM_MODULE_OK
```
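The branch above next to a variant that applies the subscription check to proxied requests as well, as an added example that is not re2o's own code. The constants stand in for `radiusd.RLM_MODULE_*`, and `ACCOUNTS`, `check_subscription`, `decide_vulnerable`, `decide_hardened` and `bypass_cases` are hypothetical names with constructed sample data.

```python
import logging

logger = logging.getLogger("auth_example")

# Stand-ins for radiusd.RLM_MODULE_* so the example runs outside FreeRADIUS.
RLM_MODULE_REJECT = 0
RLM_MODULE_OK = 2

# Constructed accounts: username -> subscription currently valid (assumption).
ACCOUNTS = {"paid": True, "unpaid": False}


def check_subscription(username):
    """Hypothetical helper: accept only known accounts with a valid subscription."""
    if not ACCOUNTS.get(username, False):
        logger.info("Rejecting %s: no valid subscription", username)
        return RLM_MODULE_REJECT
    return RLM_MODULE_OK


def decide_vulnerable(nas_type, username):
    """Behaviour from the report: an unknown NAS is accepted unconditionally."""
    if not nas_type:
        logger.info("Proxified request, nas unknown")
        return RLM_MODULE_OK
    return check_subscription(username)


def decide_hardened(nas_type, username):
    """Proxied requests get the same subscription check as local ones."""
    if not nas_type:
        logger.info("Proxified request, nas unknown, checking subscription")
    return check_subscription(username)


def bypass_cases(decide):
    """Return the (nas_type, username) pairs accepted without a valid subscription."""
    cases = [(nas, user) for nas in (None, "local-nas")
             for user in ("paid", "unpaid", "unknown")]
    return [(nas, user) for nas, user in cases
            if decide(nas, user) == RLM_MODULE_OK and not ACCOUNTS.get(user, False)]


if __name__ == "__main__":
    print("vulnerable:", bypass_cases(decide_vulnerable))
    print("hardened:  ", bypass_cases(decide_hardened))
```

`bypass_cases` can serve as a regression check: it should return an empty list for whatever decision function is deployed.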