2022-09-08 13:28:46 +00:00
id : inactivity-timeout
info :
2023-07-06 05:23:49 +00:00
name : Fortinet Inactivity Timeout Not Implemented - Detect
2022-09-08 13:28:46 +00:00
author : pussycat0x
severity : info
2023-05-03 22:20:06 +00:00
description : If Fortinet inactivity timeout functionality is disabled, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations within that window if the administrator is away from the computer.
2022-09-08 13:28:46 +00:00
reference : https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
2023-05-03 22:20:06 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
2023-10-14 11:27:55 +00:00
cvss-score : 0
2023-05-03 22:20:06 +00:00
cwe-id : CWE-200
2023-04-14 19:43:08 +00:00
tags : audit,config,file,firewall,fortigate
2023-12-14 03:56:01 +00:00
2022-09-08 13:28:46 +00:00
file :
- extensions :
- conf
matchers-condition : and
matchers :
- type : word
words :
- "set admin-console-timeout"
negative : true
- type : word
words :
- "config system"
- "config router"
- "config firewall"
2023-04-14 19:43:08 +00:00
condition : or
2023-05-03 22:20:06 +00:00
# Enhanced by md on 2023/05/03
2024-01-04 06:57:22 +00:00
# digest: 4a0a00473045022041387e7ef55b094494bcfb9a6eae4ff8ad3c74272b997521e525cfbbeccc90cf022100db5505a6eef5616090297755b5660c0a7365fbde04b2bf137704f64913258eff:922c64590222798bb761d5b6d8e72950