R-fx Networks BFD – Log Forging (Deny IP) Vulnerability

BFD log forging Vulnerability

BFD is a modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format.

WHMCS Complete Billing and Support

Through the use of log forging, it is possible to trick BFD into blocking any IP range (E.g: which could easily result in a malicious user creating a DoS against the server by blocking every single IPv4 address with minimal effort.

This vulnerability was tested against R-fx Networks BFD 1.5 and is believed to exist in all versions prior to the fixed builds.

This vulnerability was patched in R-fx Networks BFD 1.5-1, however, the ability to maliciously block a *single* IP address remains. Please read the following forum post for mitigation suggestions:


Posted in Security.