CVE-2011-4197

Name of the Vulnerable Software and Affected Versions pfSense versions prior to 2.0.1

Description The issue is related to the PKI implementation in pfSense, where the etc/inc/certs.inc file creates X.509 certificates with a true value for the CA basic constraint. This allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.

Recommendations For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.