Enhancement: file/audit/pfsense/configure-session-timeout.yaml by md

2023-05-04 11:11:51 -04:00 · 2023-05-04 11:11:51 -04:00 · 111206fa91
parent d53afe469b
commit 111206fa91
1 changed files with 8 additions and 2 deletions
--- a/file/audit/pfsense/configure-session-timeout.yaml
+++ b/file/audit/pfsense/configure-session-timeout.yaml
@ -1,13 +1,17 @@
 id: configure-session-timeout

 info:
-  name: Configure Sessions Timeout
+  name: Netgate Configure Sessions Timeout - Detect
  author: pussycat0x
  severity: info
  description: |
-    Indefinite or even long session timeout window increase the risk of attackers abusing abandoned sessions.
+    Netgate configure sessions timeout is recommended to be enabled. An indefinite or even long session timeout window can increase the risk of an attacker abusing abandoned sessions and potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
  reference: |
    https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
  metadata:
    verified: true
  tags: firewall,config,audit,pfsense,file
@ -31,3 +35,5 @@ file:
          - "<webgui>"
          - "<system>"
        condition: and
+
+# Enhanced by md on 2023/05/04