2023-03-16 17:34:50 +00:00
id : enable-https-protocol
info :
2023-12-14 03:48:19 +00:00
name : Pfsense Web Admin Management Portal HTTPS Not Set - Detect
2023-03-16 17:34:50 +00:00
author : pussycat0x
severity : info
description : |
2023-12-12 23:25:50 +00:00
PfSense Web Admin Management Portal is recommended to be accessible using only HTTPS protocol. HTTP transmits all data, including passwords, in clear text over the network and provides no assurance of the identity of the hosts involved, making it possible for an attacker to obtain sensitive information, modify data, and/or execute unauthorized operations.
2023-03-16 17:34:50 +00:00
reference : |
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
2023-05-04 15:17:00 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
2023-10-14 11:27:55 +00:00
cvss-score : 0
2023-05-04 15:17:00 +00:00
cwe-id : CWE-200
2023-03-22 19:14:55 +00:00
metadata :
verified : true
2023-03-16 17:34:50 +00:00
tags : firewall,config,audit,pfsense,file
2023-12-12 23:25:50 +00:00
2023-03-16 17:34:50 +00:00
file :
- extensions :
- xml
matchers-condition : and
matchers :
- type : word
words :
- "<webgui>"
- "<protocol>https</protocol>"
2023-03-17 02:41:22 +00:00
condition : and
2023-03-16 17:34:50 +00:00
negative : true
- type : word
words :
2023-03-22 19:01:22 +00:00
- "<pfsense>"
2023-03-22 19:14:55 +00:00
- "<system>"
condition : and
2023-05-04 15:17:00 +00:00
# Enhanced by md on 2023/05/04
2024-01-04 06:57:22 +00:00
# digest: 4a0a0047304502202121bc19669faaa0f0e0fc8bc72138f3eb44eea7209ff5bbc2d8121f58350389022100d43403a09e74c0d72f54de7d9dad2e0af0f1fa4ba7ea551188dccde47e010856:922c64590222798bb761d5b6d8e72950