Login page not allowing me to login. I know I have the correct pw

  • Hi all,

    First, this is my first time using pfSense. I have been reading up on how to install it on and today was the big day.

    I've followed the guide and the installation went without any problems. At one step of the guide you are prompted to change the admin password.  I am 110% certain I know what I changed it to.

    After the install and setup I login via the web gui with my new credentials and have a look around.

    After about an hour I try to login from another machine. Then it tells me I am using the incorrect credentials? I am dumbfounded. My desktop is still logged in with the credentials. I log it out to see if maybe it will only accept one admin at a time. When I try to log back in it also says I am using the incorrect credentials.

    I did find the doc on how to reset the password which will be my last resort. I am more interested in how this could have happened? if i could have been hacked? I did not add any rules - just a standard install.

    Thanks for reading - let me know if you have any suggestions.


  • Banned

    Try with a browser in safe/anonymous mode. Or wipe your cookies.

  • LAYER 8 Global Moderator

    "if i could have been hacked?"

    Love it how this is the first thing they jump too… Yeah because the first thing every hacker does once they gain access to the system is change the password so the local admins can not get in, since that wouldn't draw any attention or anything that something is wrong.

    My guess is you changed the password in the wizard, your system cached the original admin/pfsense password and now you don't know how to type what you made your password.. Maybe caplock was on or something.  What is more likely.. User can not type a password correctly or elite hackers from china broke in to your system 1 hour after you had it setup and changed the password ;)

  • Well, true - I did jump to a conclusion but only because I have never encountered an error like this before. Since I tried logging into the FW from a different computer, one that I never had logged into it before, I found it strange. The PW was not entered using Capslock. I know since I wrote it in notepad first to make sure I didn't mess up.

    Anyway - I went into the console and reset it. I also cleared the cache in the web browsers. It all works fine now :)


  • It may have been interesting to drop to the shell from console and grab the config file to see what the password really was.  It still may be possible by looking in the recent config backups.

    Never mind that's the growl password I was seeing in plain text.  Not the system admin password.  Duh.

  • Banned

    "Modern" browsers tend to "helpfully "autofill various kinds of crap they think to belong there, even on submit and when you have manually filled in something completely different.

  • LAYER 8 Global Moderator

    ^ when the tools are used correctly and understand how they work they are very helpful.. I love my lastpass for example..  But yes sometimes it can put in the wrong info.

    Are you using any sort of sync software for site passwords like lastpass or firefox sync?  You can even sync sessions across browsers, which another thing that can cause problems if not clear on how it works, and that your using it, etc.

Log in to reply