Bug #4497
closedUsing a specific password within FreeRADIUS user management causes pfSense to restore a backup!
100%
Description
I have noticed some really strange behaviour when using a specific password for a freeradius user account. Somehow I can't use the password 'W!f!4c3ss.' (without the quotes).
Everytime I enter the mentioned password and click on save the WebGUI shows "01 unread notice" - "Acknowledge All Notices" - "[pfSense is restoring the configuration /cf/conf/backup/config-1425739xxxx.xml]". The changes are then not getting applied (checked within /usr/pbi/freeradius-amd64/local/etc/raddb/users). Every other password works. I guess there is something wrong with the way the input gets parsed.
This seems independent of the browser in use. Tested with Chrome (40.0.2214.115 m) and Internet Explorer 11 (11.0.9600.17631).
Updated by Paul K over 9 years ago
I tried to reproduce this using the password you provided, but it worked just fine. Then I noticed that your last name contains umlaut so I tried to create user with username Güntert and sure enough it failed.
Updated by Matthias Güntert over 9 years ago
The user for which I have set this password does not contain any umlauts!
Updated by Chris Buechler almost 9 years ago
- Affected Version changed from 2.2 to All
Updated by Viktor Gurov over 4 years ago
This fix allow to use only ^[a-zA-Z0-9_.-]*$ for usernames:
https://github.com/pfsense/FreeBSD-ports/pull/775
Updated by Jim Pingle over 4 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho over 4 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
Updated by Jim Pingle over 4 years ago
- Status changed from Feedback to Resolved
Field is CDATA escaped in the config. Password W!f!4c3ss.
was saved without error and present in the config after.