Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    M0n0wall Multiple Cross Site Request Forgery Vulnerabilities

    Off-Topic & Non-Support Discussion
    4
    5
    1725
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dhatz last edited by

      M0n0wall Multiple Cross Site Request Forgery Vulnerabilities 27 Dec. 2012

      Summary
      m0n0wall is prone to multiple cross-site request-forgery vulnerabilities because it fails to properly validate POST requests.

      Vulnerable Systems:  * m0n0wall 1.33

      Attackers can exploit these issues to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.

      An attacker can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

      The following exploit codes are available:
      http://downloads.securityfocus.com/vulnerabilities/exploits/56844.html.txt

      Disclosure Timeline:
      Published: December 06 2012

      1 Reply Last reply Reply Quote 0
      • G
        gderf last edited by

        Wasn't this fixed with the release of m0n0wall 1.34 on 11/12/2012?

        1 Reply Last reply Reply Quote 0
        • D
          dhatz last edited by

          Indeed it seems the XSS vulnerability issues have been fixed, according to http://m0n0.ch/

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            These may be ones we've already fixed in 2.0.2/2.1

            They look familiar.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • C
              cmb last edited by

              We fixed m0n0wall's CSRF issues over 2 years ago with csrfmagic, same thing they implemented recently. 2.0.2 fixed a couple that were found more recently.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy