Enhancement: file/audit/pfsense/configure-session-timeout.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-05-04 11:11:51 -04:00
parent d53afe469b
commit 111206fa91
1 changed files with 8 additions and 2 deletions

View File

@ -1,13 +1,17 @@
id: configure-session-timeout id: configure-session-timeout
info: info:
name: Configure Sessions Timeout name: Netgate Configure Sessions Timeout - Detect
author: pussycat0x author: pussycat0x
severity: info severity: info
description: | description: |
Indefinite or even long session timeout window increase the risk of attackers abusing abandoned sessions. Netgate configure sessions timeout is recommended to be enabled. An indefinite or even long session timeout window can increase the risk of an attacker abusing abandoned sessions and potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
reference: | reference: |
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata: metadata:
verified: true verified: true
tags: firewall,config,audit,pfsense,file tags: firewall,config,audit,pfsense,file
@ -31,3 +35,5 @@ file:
- "<webgui>" - "<webgui>"
- "<system>" - "<system>"
condition: and condition: and
# Enhanced by md on 2023/05/04