Enhancement: file/audit/pfsense/enable-https-protocol.yaml by md

2023-05-04 11:17:00 -04:00 · 2023-05-04 11:17:00 -04:00 · 7af50a25f0
parent 9c08a5f73a
commit 7af50a25f0
1 changed files with 8 additions and 3 deletions
--- a/file/audit/pfsense/enable-https-protocol.yaml
+++ b/file/audit/pfsense/enable-https-protocol.yaml
@ -1,14 +1,17 @@
 id: enable-https-protocol

 info:
-  name: Enable HTTPS on Web Management
+  name: Netgate Web Admin Management Portal/HTTPS - Detect
  author: pussycat0x
  severity: info
  description: |
-    Web Admin Management Portal should only be accessed using HTTPS Protocol.HTTP transmits all data (including passwords) in clear text over the network and
-    provides no assurance of the identity of the hosts involved.
+    Netgate Web Admin Management Portal is recommended to be accessible using only HTTPS protocol. HTTP transmits all data, including passwords, in clear text over the network and provides no assurance of the identity of the hosts involved, making it possible for an attacker to obtain sensitive information, modify data, and/or execute unauthorized operations.
  reference: |
    https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
  metadata:
    verified: true
  tags: firewall,config,audit,pfsense,file
@ -31,3 +34,5 @@ file:
          - "<pfsense>"
          - "<system>"
        condition: and
+
+# Enhanced by md on 2023/05/04