dav wrotenuclearcat wroteDNA wrotegreat job discussing this on public forums, kudos to all of you geniuses for this wonderful discovery *facepalm*
This silliest flaw should not exist in general, if proper configuration done. The reason such loophole exist beyond my understanding.
I reported many issues to Ogero, but honestly their interest in security and reliability is so low, that i wont always even get "thank you" , and never issues fixed in reasonable time. Last pack of issues i reported - almost 2 weeks passed, full silence, thats very sad.
this is not a security issue... it's enough to create a pppoe password of 32 alphanumerical characters... no one will guess it... it's up to you if you want to offer it... LOL
Excuse me, if you wanna talk about it here yes this is a security issue that needs to be fixed, it's very simple and anyone with decent knowledge in networking knows that a PPPOE account should be flagged with these settings:
1- Only 1 session allowed at a time. (prevents 2 sessions on the same account)
2- Tied to a specific MAC address.(can be changed if you change the router by contacting Ogero)
that's the most basic pppoe security setup that doesn't exist at ogero.
and yes nuclearcat same here provided important suggestions a year ago and got nothing but silence.