Seeing the following message in System - Log Files - Audit
"user \x1b[A\x1b[A could not authenticate for login. [using OPNsense\Auth\Services\System + OPNsense\Auth\Local]"
Not sure if this could be a bug or if I should be concerned about a compromise attempt.
Can anyone add any context to this ? the username looks like an ANSI escape sequence
https://gist.github.com/ConnerWill/d4b6c776b509add763e17f9f113fd25b
This is easily reproduceable by hitting the up-arrow key twice at the console login prompt. Then press enter twice.
The username will be shown in the audit log like you've stated.