Pfsense Vulnerability
-
Has anyone taken a look at this post?
https://forum.pfsense.org/index.php/topic,72057.msg393172.html#msg393172
-
- Session Hijacking also possible to steal less privileged user sessions toperform this trick due to "http" admin by default webConfigurator.
Is this a true statement? Seems to me that default is "https".
-
More details (in english) here:
http://seclists.org/fulldisclosure/2014/Jan/187Steve
-
It was fixed the same day. It's not a vulnerability in the base system, just that one package. Since it was a package, it was simple to fix and people can update their packages and not worry. It's a non-issue anyhow for most, as it only matters if you have untrusted users logging into your GUI and you have given them access to the snort package.
