2022-09-08 13:28:46 +00:00
id : inactivity-timeout
info :
2023-07-06 05:23:49 +00:00
name : Fortinet Inactivity Timeout Not Implemented - Detect
2022-09-08 13:28:46 +00:00
author : pussycat0x
severity : info
2023-05-03 22:20:06 +00:00
description : If Fortinet inactivity timeout functionality is disabled, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations within that window if the administrator is away from the computer.
2022-09-08 13:28:46 +00:00
reference : https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
2023-05-03 22:20:06 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
2023-10-14 11:27:55 +00:00
cvss-score : 0
2023-05-03 22:20:06 +00:00
cwe-id : CWE-200
2023-04-14 19:43:08 +00:00
tags : audit,config,file,firewall,fortigate
2022-09-08 13:28:46 +00:00
file :
- extensions :
- conf
matchers-condition : and
matchers :
- type : word
words :
- "set admin-console-timeout"
negative : true
- type : word
words :
- "config system"
- "config router"
- "config firewall"
2023-04-14 19:43:08 +00:00
condition : or
2023-05-03 22:20:06 +00:00
# Enhanced by md on 2023/05/03
2023-10-19 13:13:52 +00:00
# digest: 4a0a00473045022100cea6b95920897938fc382b500396ac8f32ff99b0eec0ecaf088fb5cb0449776802202a68db332abee65d2afb58c2fa4c6934543e89992df389a9f324ad70d6a67c9b:922c64590222798bb761d5b6d8e72950