Fortinet, Palo, Checkpoint, Cisco, Sonicwall ... is there any big firewall vendor that didn't have any critical vulnerabilities last year?
Obsolete binaries not updated for years, hardcoded secrets… this is what you get in firewalls like any other piece of black box equipment.
Yep. Closed source is for the software that no one would ever buy if they could read it.
And every service runs as root. This enables the CRL webserver to download /etc/shadow ...
Or user sessions persist on the filesystem so a glitch on the captive portal’s web server allow you to get clear text username and password for currently connected vpn sessions …
Security by obscurity may work in delaying exploits, but once someone breaks the obscurity, they have a headstart on exploiting it over those hoping to fix it.
Security by old software, or how I call it: the ivanti approach
Did nftables or ebpf have any critical zero days last year?
AFAIK not. This meme is targeted at commercial firewall appliances, that often have VPN/IPS/authentication and many other features that are exploited regularly.
Mikrotik & pfSense?
sounds correct
Only the hottest memes in Cybersecurity