Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense Vulnerability

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BBcan177B Offline
      BBcan177 Moderator
      last edited by

      Has anyone taken a look at this post?

      https://forum.pfsense.org/index.php/topic,72057.msg393172.html#msg393172

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      1 Reply Last reply Reply Quote 0
      • chpalmerC Offline
        chpalmer
        last edited by

        • Session Hijacking also possible to steal less privileged user sessions toperform this trick  due to "http" admin by default webConfigurator.

        Is this a true statement?  Seems to me that default is "https".

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by

          More details (in english) here:
          http://seclists.org/fulldisclosure/2014/Jan/187

          Steve

          1 Reply Last reply Reply Quote 0
          • jimpJ Offline
            jimp Rebel Alliance Developer Netgate
            last edited by

            It was fixed the same day. It's not a vulnerability in the base system, just that one package. Since it was a package, it was simple to fix and people can update their packages and not worry. It's a non-issue anyhow for most, as it only matters if you have untrusted users logging into your GUI and you have given them access to the snort package.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.