FreeNAS Security Alert: Upgrade now or restrict web GUI access by IP address
Brian Adeloye of Tenable Network Security has found a vulnerability in all versions of FreeNAS before 0.7.2.5543. With this vulnerability root acccess can be gained via the web GUI without authentication.
There are two solutions:
1) Upgrade to the latest stable version of FreeNAS – 0.7.2.5543: https://sourceforge.net/projects/freenas/files/stable/0.7.2/
2) Restrict web GUI access to trusted IP addresses only.
For most people using FreeNAS in their homes behind a firewall this shouldn’t be an issue, but it is worth upgrading anyway just to be 100% sure.