Web login with admin user fails, but serial console login with admin works!?
-
I have an SG1100, which has been in use for a long time. Recently I decided to change the admin password as LastPass are incompetent. Since I changed the admin user password in the webGUI I have had problems.
- Log in to pfsense webGUI as admin with old-password
- Change user 'admin' password to new-password
- Sign out from webGUI.
- Cannot sign in to webGUI with new-password or old-password!?!?
- Connect to serial console and log in as admin with old-password WORKED
- Reset webconfigurator password
- Sign out from serial console
- Log in to pfsense webGUI as admin with default-password. Alert shown to change default password.
- Change admin user password to old-password
- Sign out from webGUI.
- Cannot sign in to webGUI with default-password, new-password or old-password!?!?
I can reset the web-configurator password again and regain access, but this is not good.
What can I do?
I have considered using a spare SG1100 and reloading the last config. How do I get the config?
Maybe I can try something less drastic first?
TIA.
-
-
@greeners I figured it out - RMM tools were scanning the network, causing pfsense to believe it was under an SSH attack, and locked down the account. Interesting that the webGUI login was locked but serial console login was allowed (lucky for me). Since I disabled network scanning the problem has gone away.
-
@greeners said in Web login with admin user fails, but serial console login with admin works!?:
@greeners I figured it out - RMM tools were scanning the network, causing pfsense to believe it was under an SSH attack, and locked down the account. Interesting that the webGUI login was locked but serial console login was allowed (lucky for me). Since I disabled network scanning the problem has gone away.
The anti-brute force detection doesn't care about the account, it protects at a network level. So it blocks the source of the attack, but that means the attacker can't reach the GUI port or SSH port. It wouldn't affect logging into the account if you can reach the GUI.
-
@jimp thank you. Your explanation of 'anti-brute force protection' explains it perfectly. The RMM tool used an agent on my desktop PC, which explains why I could not log in to the webGUI from my desktop PC but I could log in from the serial console.
I will look in the pfsense docs for more information on 'anti-brute force' and see what I can do to allow legit network discovery, but not trigger my pfsense firewall alerting.
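
The source-based blocking @jimp describes, as an added example that is not part of the thread and not pfSense's own code: a simplified Python model in which failed logins are counted per source address and the account name is ignored, so a noisy agent on one PC cuts off that PC and nothing else. The threshold, window, addresses and allow list are assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network


class SourceLockout:
    """Simplified model: failures are tracked per source address, never per account."""

    def __init__(self, threshold=3, window=60, allow=()):
        self.threshold = threshold          # failures tolerated inside the window (assumed)
        self.window = window                # sliding window in seconds (assumed)
        self.allow = [ip_network(n) for n in allow]
        self.failures = defaultdict(deque)  # source address -> recent failure times
        self.blocked = set()

    def record_failure(self, ts, src, user):
        """Register one failed login; 'user' is deliberately unused."""
        if any(ip_address(src) in net for net in self.allow):
            return False                    # allow-listed sources are never counted
        recent = self.failures[src]
        recent.append(ts)
        while ts - recent[0] > self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.threshold:
            self.blocked.add(src)
        return src in self.blocked

    def can_reach_gui(self, src):
        """src=None stands for the serial console, which has no network path to filter."""
        return src is None or src not in self.blocked


# Constructed sample events: (seconds, source address, attempted account).
EVENTS = [
    (0, "192.0.2.10", "root"),    # desktop PC running the scanning agent
    (5, "192.0.2.10", "admin"),
    (9, "192.0.2.10", "test"),
    (12, "192.0.2.20", "admin"),  # another host, one mistyped password
]


def replay(events, **settings):
    guard = SourceLockout(**settings)
    for ts, src, user in events:
        guard.record_failure(ts, src, user)
    return guard


if __name__ == "__main__":
    guard = replay(EVENTS)
    for src in ("192.0.2.10", "192.0.2.20", None):
        print(src or "serial console", "->", "reachable" if guard.can_reach_gui(src) else "blocked")
```

Replaying the same events with `allow=["192.0.2.10/32"]` leaves the desktop reachable, which is the effect of exempting a known scanner instead of switching scanning off.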