Surprise, another router backdoor discovered!

Discussion in 'other security issues & news' started by Palancar, Apr 19, 2014.

Thread Status:
Not open for further replies.
  1. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    pfSense has its own version of this :( If two network adapters are found and assigned, the first is always WAN, and the second is always LAN. By default, in that case, pfSense automatically serves its WebGUI (HTTPS) on LAN, with the obvious and well known password "pfsense". That's normal for routers. However, if for whatever reason, pfSense has but one network adapter, it is WAN, and pfSense automatically serves its WebGUI on it :( That's admittedly a somewhat unusual situation. Normally, router hardware has at least two network adapters. And for "router-on-a-stick" setups, with one network adapter and vLANs for WAN and LAN(s) from a smart switch, users would configure those vLANs at setup. pfSense specifically prompts about vLANs during setup.

    Even so, if one works hard enough, it is possible to expose the pfSense WebGUI on the Internet.

    Also, for those who like to play, I note that adding a second interface, even a VPN with no access to pfSense, the anti-lockout rule on WAN disappears, and one is locked out from the WebGUI :( That can be easily fixed through the console, however :)
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Thank you for the pdf document ... the best way to read things online.
    It is a very robust format and never before exploited.
    Mrk
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Easter egg: DSL router patch merely hides backdoor instead of closing it.
    http://arstechnica.com/security/201...-merely-hides-backdoor-instead-of-closing-it/
     
Loading...
Thread Status:
Not open for further replies.