Fortinet, Palo, Checkpoint, Cisco, Sonicwall … is there any big firewall vendor that didn’t have any critical vulnerabilities last year?
You must log in or register to comment.
Obsolete binaries not updated for years, hardcoded secrets… this is what you get in firewalls like any other piece of black box equipment.
Security by obscurity may work in delaying exploits, but once someone breaks the obscurity, they have a headstart on exploiting it over those hoping to fix it.
Security by old software, or how I call it: the ivanti approach
That makes me nervous, but I’m not allowed to tell you why
And every service runs as root. This enables the CRL webserver to download /etc/shadow …
Or user sessions persist on the filesystem so a glitch on the captive portal’s web server allow you to get clear text username and password for currently connected vpn sessions …
Yep. Closed source is for the software that no one would ever buy if they could read it.
Mikrotik & pfSense?
sounds correct
pfsense technically shared the ssh server one i thought
The last time I installed pfsense Ssh was disabled by default.
It is, but it’s also the first thing I turn on when I install a new one.
firewalla?
Makes me glad I went with MikroTik for my home network.
No. And if there are any that say they didn’t I don’t believe them.
Did nftables or ebpf have any critical zero days last year?
AFAIK not. This meme is targeted at commercial firewall appliances, that often have VPN/IPS/authentication and many other features that are exploited regularly.
