Shield your Firewall to Strive Against Sensitive Data Disclosure

Shield your Firewall to Strive Against Sensitive Data Disclosure

October 29, 2019
Profile Icon

Jason Franscisco

A weak firewall can cost you a lot and most importantly if the firewall is very feeble in countering the un-authorized access, there is a clear cut way to expose the targeted sensitive data along with:

  • Illegal access to protected information
  • Manipulation of the credential data
  • Spread, Span or Scam the sensitive data
  • Access illegal sites/ Downloads illegal softwares etc.,

During a part of our research program, we came across such flaccid firewall of a renowned network protector, pfSense., which typically serves as DHCP server, DNS server, WIFI access point, and VPN server which run on the same hardware device. Many small and medium enterprises implement pfSense which is captioned as world's most trusted open source firewall.

This software easily paves the path to un-ethical intruders to access the sensitive information available in the root directories, read them and can delete them effortlessly but cannot write them. We have also observed here that, pfSense is vulnerable to this type of attack as it is depending on third party libraries to address some functionality.

We have furnished our research process in detail to bring awareness on how easily the firewall can be bypassed to attack the crucial data.

Repository: - https://github.com/pfsense/pfsense-packages/tree/master/config/pfblockerng

Issues: - Arbitrary file download and deletion in pfblockerNG package.

Vulnerability Description: - The software does not strongly restrict or incorrectly restricts the access to a resource from an unauthorized actor.

Steps to reproduce:

  • Login as an admin and visit
  • Select log/file type (like DNSBL files).
  • For (DNSBL files), select file from log/file selection. For example, taking the first one in our case (Abuse_DOMBL.txt).
  • Now you'll be able to see the log file details (like log file path and option to download, delete).
  • To reproduce the issue, click on delete option you'll see the prompt. Before clicking 'ok' intercept the POST request and modify the "logfile" parameter to '/usr/local/www/crash_reporter.php' and forward the request.
  • Similarly for download file option, intercept the POST request and modify the 'logfile' parameter to '/etc/passwd' and forward the request.


An attacker can exploit the delete in pfblockerNG, log browser functionality to remove files available in the project directory.

Apart from that particular file, we also managed to delete the any file available in the other directory; an attacker can make use of the capability of arbitrary file deletion to circumvent some security measures and to execute arbitrary code on the webserver.

passwd file content

Mitigation: To protect the application from this weakness it is advised to follow these instructions:

  • Normalizing user-supplied input against such attacks like Path/Directory Traversal


Loginsoft is a dedicated web security assessment and research company with an exceptional team of white hat professionals who are always on job to assist on-demand open source applications from the perspective of cyber security. We are ever ready to offer our assistance to strengthen your security walls.

Stay Alert. Stay Secure


Explore Cybersecurity Platforms

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.

Learn more
white arrow pointing top right

About Loginsoft

For over 16 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.

Loginsoft is a leading Cybersecurity services company providing Security Advisory Research to generate metadata for vulnerabilities in Open source components, Discovering ZeroDay Vulnerabilities, Developing Vulnerability Detection signatures using MITRE OVAL Language.

Expertise in Integrations with Threat Intelligence and Security Products, integrated more than 200+ integrations with leading TIP, SIEM, SOAR and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar, IBM Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency APIs with Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet and so on.

Interested to learn more? Let’s start a conversation.

Book a meeting


Latest Articles

Get practical solutions to real-world challenges, straight from experts who conquered them.

View all our articles

Sign up to our Newsletter