pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available!
-
@guardian try running
/etc/rc.initial
to get the menu. Only 'admin' gets the menu by default. If you have disabled this account, it is now reflected in the SSH connection with the 2.6 update.
-
Hi,
any idea how to deal with CVE-2022-0778 in the case of e.g. HAProxy use inside pfSense?
BR Johannes
-
@jwg014 said in pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available!:
any idea how to deal with CVE-2022-0778 in the case of e.g. HAProxy use inside pfSense?
HAProxy would only be affected if you have it configured to accept client certificates as a form of authentication. Which is possible, but rare in practice. If you have concerns about that, move the service inside a VPN where it's much more protected. As far as we can tell so far, VPNs are not likely to be as much of an issue as there are other hurdles attackers would have to overcome before the certificates come into play (e.g. TLS key protecting OpenVPN in addition to certificate auth.), and several VPN types and configs don't use certificates at all (e.g. WireGuard). We're still checking into it and keeping an eye on what people find, though.
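Added example, not part of the reply above or of pfSense/HAProxy code: a small audit that lists the HAProxy `bind` lines that request client certificates, the configuration the reply names as the affected case. The sample configuration, its paths and addresses, and the function name `client_cert_binds` are constructed for illustration.

```python
# Constructed sample configuration (not taken from the thread).
SAMPLE_CFG = """\
global
    maxconn 1000

frontend www
    bind 203.0.113.10:443 ssl crt /etc/ssl/site.pem
    default_backend web

frontend api_mtls
    bind 203.0.113.10:8443 ssl crt /etc/ssl/api.pem ca-file /etc/ssl/clients-ca.pem verify required
    default_backend api

listen admin
    bind 203.0.113.10:9443 ssl crt /etc/ssl/admin.pem ca-file /etc/ssl/clients-ca.pem verify optional
    # bind 203.0.113.10:9444 ssl crt /etc/ssl/old.pem verify required
    server s1 192.0.2.5:443 ssl verify required ca-file /etc/ssl/backend-ca.pem
"""

SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}


def client_cert_binds(cfg_text):
    """Return (section, line_no, address, verify_mode) for each TLS bind
    line whose 'verify' setting asks clients for a certificate."""
    findings = []
    section = None
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # naive comment strip
        if not line:
            continue
        words = line.split()
        if words[0] in SECTION_KEYWORDS:
            section = " ".join(words[:2])
            continue
        # Only listener lines matter here; 'server' lines are skipped.
        if words[0] != "bind" or "ssl" not in words[2:]:
            continue
        mode = "none"  # HAProxy's default for bind lines
        for i, word in enumerate(words[:-1]):
            if word == "verify":
                mode = words[i + 1]
        if mode in ("optional", "required"):
            findings.append((section, line_no, words[1], mode))
    return findings


if __name__ == "__main__":
    for section, line_no, addr, mode in client_cert_binds(SAMPLE_CFG):
        print(f"line {line_no}: [{section}] {addr} verify {mode}")
```

It inspects only `bind` lines in the text it is given; per-certificate options set in a separate crt-list file are not read.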
-
@mleighton Where to report a security issue?
Need contact info; I'm not going to put it in public.
-
@urbanovits said in pfSense Plus version 22.01 and pfSense CE version 2.6.0 Software are Now Available!:
@mleighton Where to report a security issue?
Need contact info; I'm not going to put it in public.
https://www.netgate.com/security has the relevant contact information and procedures for reporting security issues.