Since the authentication is not working on my system for some reason, can a random device connect to my system and steal data from my database?
This entirely depends on how you have things configured. Is your MongoDB instance listening on 0.0.0.0? Do you have NAT setup to allow the world access to your MongoDB instance?
If you’ve properly secured your infrastructure, GenieACS is secure. With no connection auth, the worst that can happen is a rogue device connects and gets configuration applied. But again, that depends on how you have things setup.
In our environment, CPE management is on a separate VLAN, only accessible to CPEs and everything is heavily firewalled. If a rogue device manages to connect, nothing will happen (unless the rogue device spoofs mac and serial number) because all configuration requests are validated against a list of known active CPEs.
thank you for your answer. can you help me solve the authentication problem? i tried solutions on forum but nothing worked. I posted this and didn’t get an answer.
There are two different authentication mechanisms. One for CPE to ACS auth (cwmp.auth) and one for ACS → CPE auth (cwmp.connectionRequestAuth).
If you are using the default inform script that comes with GenieACS v1.2, then there is nothing that needs to change to enable ACS → CPE auth.
If you want to require all CPEs to authenticate, then you need to put a configuration on all of your devices before they are deployed that has the ACS URL, username and password fields set. In which case your cwmp.auth
statement will change to this:
AUTH(username, password) OR AUTH("someUsername", "somePassword")