An issue discovered in Pfsense CE version 2.6.0 allows malicious users to compromise user accounts via weak password requirements.
pfsense pfsense 2.6.0