nuclei-templates/file/audit/pfsense/password-protected-consolemenu.yaml

id: password-protected-consolemenu

info:
  name: Configure Password Protected on Console Menu
  author: pussycat0x
  severity: info
  description: |
    An unattended computer with an open Console Menu session to the device could allow an unauthorized user access to the firewall’s management.
  reference: |
    https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
  tags: firewall,config,audit,pfsense,file

file:
  - extensions:
      - xml

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<disableconsolemenu>"
          - "<disableconsolemenu>1</disableconsolemenu>"
        condition: or
        negative: true

      - type: word
        words:
          - "<webgui>"
          - "<system>"