Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Pfsense Vulnerability

    General pfSense Questions
    4
    4
    624
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BBcan177
      BBcan177 Moderator last edited by

      Has anyone taken a look at this post?

      https://forum.pfsense.org/index.php/topic,72057.msg393172.html#msg393172

      1 Reply Last reply Reply Quote 0
      • chpalmer
        chpalmer last edited by

        • Session Hijacking also possible to steal less privileged user sessions toperform this trick  due to "http" admin by default webConfigurator.

        Is this a true statement?  Seems to me that default is "https".

        1 Reply Last reply Reply Quote 0
        • stephenw10
          stephenw10 Netgate Administrator last edited by

          More details (in english) here:
          http://seclists.org/fulldisclosure/2014/Jan/187

          Steve

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            It was fixed the same day. It's not a vulnerability in the base system, just that one package. Since it was a package, it was simple to fix and people can update their packages and not worry. It's a non-issue anyhow for most, as it only matters if you have untrusted users logging into your GUI and you have given them access to the snort package.

            1 Reply Last reply Reply Quote 0

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2020 Rubicon Communications, LLC | Privacy Policy