Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
CVE-2019-11816. Feature request again due to this
« previous
next »
Print
Pages: [
1
]
Author
Topic: CVE-2019-11816. Feature request again due to this (Read 2583 times)
Jack V
Newbie
Posts: 17
Karma: 2
CVE-2019-11816. Feature request again due to this
«
on:
May 28, 2019, 07:34:26 pm »
A couple of years back I asked if it was possible to disable the web gui and only use ssh/console to be more secure.
The answer I got back then was: "We don't understand the user case"
So again, can this feature please be created ?
Just a simple switch after console login Enable/Disable web gui, that's all.
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: CVE-2019-11816. Feature request again due to this
«
Reply #1 on:
May 28, 2019, 09:54:24 pm »
Then you can just install HBSD, write a small pf script and let it run
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
hbc
Hero Member
Posts: 501
Karma: 47
Re: CVE-2019-11816. Feature request again due to this
«
Reply #2 on:
May 28, 2019, 10:08:55 pm »
Isn't this the same as this:
https://forum.opnsense.org/index.php?topic=12861.msg59609#msg59609
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
franco
Administrator
Hero Member
Posts: 17669
Karma: 1612
Re: CVE-2019-11816. Feature request again due to this
«
Reply #3 on:
June 03, 2019, 04:13:48 pm »
You miss the point: these are privilege escalations of given limited privileges in the web GUI, not remote code execution of running exposed services. Some have existed in *sense code for the better part of a decade because nobody cared to implement a safe ACL or actually use it on a large scale giving partial admin GUI access to untrusted sources.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.1 Legacy Series
»
CVE-2019-11816. Feature request again due to this