Earlier, I wrote about management interfaces and how they represent big, fat attack surfaces if exposed to the Internet. In general, this topic has gotten very little exposure in the media, where people tend to focus on the vulnerability of the day and move on. Very little attention is paid to the fact that a given vulnerability would not be directly exploitable if the interfaces were not exposed to the Internet in the first place.
Read the full article investigation into the pfSense Web UI at the Public Exposure blog.