Bug #4497

Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!

Added by Matthias Güntert about 5 years ago. Updated about 1 month ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Affected Version:
Affected Architecture:


I have noticed some really strange behaviour when using a specific password for a freeradius user account. Somehow I can't use the password 'W!f!4c3ss.' (without the quotes).

Everytime I enter the mentioned password and click on save the WebGUI shows "01 unread notice" - "Acknowledge All Notices" - "[pfSense is restoring the configuration /cf/conf/backup/config-1425739xxxx.xml]". The changes are then not getting applied (checked within /usr/pbi/freeradius-amd64/local/etc/raddb/users). Every other password works. I guess there is something wrong with the way the input gets parsed.

This seems independent of the browser in use. Tested with Chrome (40.0.2214.115 m) and Internet Explorer 11 (11.0.9600.17631).

Associated revisions

Revision 5ee65c00 (diff)
Added by Jim Pingle 19 days ago

CDATA encode FreeRADIUS user names/passwords. Issue #4497


#1 Updated by Paul K about 5 years ago

I tried to reproduce this using the password you provided, but it worked just fine. Then I noticed that your last name contains umlaut so I tried to create user with username Güntert and sure enough it failed.

#2 Updated by Matthias Güntert about 5 years ago

The user for which I have set this password does not contain any umlauts!

#3 Updated by Chris Buechler over 4 years ago

  • Affected Version changed from 2.2 to All

#4 Updated by Viktor Gurov about 1 month ago

This fix allow to use only ^[a-zA-Z0-9_.-]*$ for usernames:

#5 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review

#6 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

Also available in: Atom PDF