pfSense Vulnerability
-
Has anyone taken a look at this post?
https://forum.pfsense.org/index.php/topic,72057.msg393172.html#msg393172
-
- Session Hijacking also possible to steal less privileged user sessions to perform this trick due to "http" admin by default webConfigurator.
Is this a true statement? Seems to me that default is "https".
-
More details (in English) here:
http://seclists.org/fulldisclosure/2014/Jan/187
Steve
-
It was fixed the same day. It's not a vulnerability in the base system, just that one package. Since it was a package, it was simple to fix and people can update their packages and not worry. It's a non-issue anyhow for most, as it only matters if you have untrusted users logging into your GUI and you have given them access to the snort package.