CVE-2019-11816. Feature request again due to this

Started by Jack V, May 28, 2019, 07:34:26 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 28, 2019, 07:34:26 PM
A couple of years back I asked if it was possible to disable the web gui and only use ssh/console to be more secure.

The answer I got back then was: "We don't understand the user case" :o

So again, can this feature please be created ?

Just a simple switch after console login Enable/Disable web gui, that's all.
May 28, 2019, 09:54:24 PM #1
Then you can just install HBSD, write a small pf script and let it run :)
May 28, 2019, 10:08:55 PM #2
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
June 03, 2019, 04:13:48 PM #3
You miss the point: these are privilege escalations of given limited privileges in the web GUI, not remote code execution of running exposed services. Some have existed in *sense code for the better part of a decade because nobody cared to implement a safe ACL or actually use it on a large scale giving partial admin GUI access to untrusted sources.


Cheers,
Franco
Print
Go Up Pages1
User actions