Enhancement: file/audit/pfsense/configure-session-timeout.yaml by md
parent
d53afe469b
commit
111206fa91
|
@ -1,13 +1,17 @@
|
||||||
id: configure-session-timeout
|
id: configure-session-timeout
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Configure Sessions Timeout
|
name: Netgate Configure Sessions Timeout - Detect
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: info
|
severity: info
|
||||||
description: |
|
description: |
|
||||||
Indefinite or even long session timeout window increase the risk of attackers abusing abandoned sessions.
|
Netgate configure sessions timeout is recommended to be enabled. An indefinite or even long session timeout window can increase the risk of an attacker abusing abandoned sessions and potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
reference: |
|
reference: |
|
||||||
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
|
cvss-score: 0.0
|
||||||
|
cwe-id: CWE-200
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
tags: firewall,config,audit,pfsense,file
|
tags: firewall,config,audit,pfsense,file
|
||||||
|
@ -31,3 +35,5 @@ file:
|
||||||
- "<webgui>"
|
- "<webgui>"
|
||||||
- "<system>"
|
- "<system>"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
# Enhanced by md on 2023/05/04
|
||||||
|
|
Loading…
Reference in New Issue