Project

General

Profile

Actions

Bug #4497

closed

Using a specific password within FreeRADIUS user management causes pfSense to restore a backup!

Added by Matthias Güntert over 6 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
FreeRADIUS
Target version:
Start date:
03/07/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
All
Affected Plus Version:
Affected Architecture:
amd64

Description

I have noticed some really strange behaviour when using a specific password for a freeradius user account. Somehow I can't use the password 'W!f!4c3ss.' (without the quotes).

Everytime I enter the mentioned password and click on save the WebGUI shows "01 unread notice" - "Acknowledge All Notices" - "[pfSense is restoring the configuration /cf/conf/backup/config-1425739xxxx.xml]". The changes are then not getting applied (checked within /usr/pbi/freeradius-amd64/local/etc/raddb/users). Every other password works. I guess there is something wrong with the way the input gets parsed.

This seems independent of the browser in use. Tested with Chrome (40.0.2214.115 m) and Internet Explorer 11 (11.0.9600.17631).

Actions #1

Updated by Paul K over 6 years ago

I tried to reproduce this using the password you provided, but it worked just fine. Then I noticed that your last name contains umlaut so I tried to create user with username Güntert and sure enough it failed.

Actions #2

Updated by Matthias Güntert over 6 years ago

The user for which I have set this password does not contain any umlauts!

Actions #3

Updated by Chris Buechler about 6 years ago

  • Affected Version changed from 2.2 to All
Actions #4

Updated by Viktor Gurov almost 2 years ago

This fix allow to use only ^[a-zA-Z0-9_.-]*$ for usernames:
https://github.com/pfsense/FreeBSD-ports/pull/775

Actions #5

Updated by Jim Pingle almost 2 years ago

  • Status changed from New to Pull Request Review
Actions #6

Updated by Renato Botelho almost 2 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100
Actions #7

Updated by Jim Pingle over 1 year ago

  • Target version set to 2.4.5-p1
Actions #8

Updated by Jim Pingle over 1 year ago

  • Status changed from Feedback to Resolved

Field is CDATA escaped in the config. Password W!f!4c3ss. was saved without error and present in the config after.

Actions

Also available in: Atom PDF