Author Topic: CVE-2019-11816. Feature request again due to this (Read 2581 times)

Jack V · « **on:** May 28, 2019, 07:34:26 pm »

A couple of years back I asked if it was possible to disable the web gui and only use ssh/console to be more secure.

The answer I got back then was: "We don't understand the user case"

So again, can this feature please be created ?

Just a simple switch after console login Enable/Disable web gui, that's all.

mimugmail · « **Reply #1 on:** May 28, 2019, 09:54:24 pm »

Then you can just install HBSD, write a small pf script and let it run

hbc · « **Reply #2 on:** May 28, 2019, 10:08:55 pm »

Isn't this the same as this:
https://forum.opnsense.org/index.php?topic=12861.msg59609#msg59609

franco · « **Reply #3 on:** June 03, 2019, 04:13:48 pm »

You miss the point: these are privilege escalations of given limited privileges in the web GUI, not remote code execution of running exposed services. Some have existed in *sense code for the better part of a decade because nobody cared to implement a safe ACL or actually use it on a large scale giving partial admin GUI access to untrusted sources.

Cheers,
Franco

Author Topic: CVE-2019-11816. Feature request again due to this (Read 2581 times)

Jack V

CVE-2019-11816. Feature request again due to this

mimugmail

Re: CVE-2019-11816. Feature request again due to this

hbc

Re: CVE-2019-11816. Feature request again due to this

franco

Re: CVE-2019-11816. Feature request again due to this