Surprise, another router backdoor discovered!

Remember when the backdoor was discovered and then closed by multiple companies via firmware updates? Well not really it was just re-designed. Very disappointing!


http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf

 

pfSense has its own version of this If two network adapters are found and assigned, the first is always WAN, and the second is always LAN. By default, in that case, pfSense automatically serves its WebGUI (HTTPS) on LAN, with the obvious and well known password "pfsense". That's normal for routers. However, if for whatever reason, pfSense has but one network adapter, it is WAN, and pfSense automatically serves its WebGUI on it That's admittedly a somewhat unusual situation. Normally, router hardware has at least two network adapters. And for "router-on-a-stick" setups, with one network adapter and vLANs for WAN and LAN(s) from a smart switch, users would configure those vLANs at setup. pfSense specifically prompts about vLANs during setup.

Even so, if one works hard enough, it is possible to expose the pfSense WebGUI on the Internet.

Also, for those who like to play, I note that adding a second interface, even a VPN with no access to pfSense, the anti-lockout rule on WAN disappears, and one is locked out from the WebGUI That can be easily fixed through the console, however

 

Thank you for the pdf document ... the best way to read things online.
It is a very robust format and never before exploited.
Mrk

 

Don't think this is going to change soon. Cisco Lawful Intercept FAQ:
www.cisco.com/en/US/technologies/tk583/tk799/faq.html

 

Easter egg: DSL router patch merely hides backdoor instead of closing it.

http://arstechnica.com/security/201...-merely-hides-backdoor-instead-of-closing-it/