Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Console Screen and Password change

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pinoyboy
      last edited by

      When you are on the actual console of pfSense (not web configurator), there's an option to reset the password without authentication.  Did I miss an area where it requires previous password?  If there isn't, then this seems to be very open security hole - being able to change password just because you have access to the console directly.

      1 Reply Last reply Reply Quote 0
      • B
        blak111
        last edited by

        If you have your console open to access you have risk of people booting from other media and getting rid of any protection anyway, but there is an option under system > advanced to disable that console access.

        P.S. Even on Cisco hardware, you can always get into a router with a password on it by telling it to ignore the config on boot up. They added a no service password recovery option to still require the password, but you can still interrupt the boot earlier to get past that.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.