Bypassing Brute Force Protection in Netgate pfSense Software

CVE-2023-27100 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
