daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: file/audit/fortigate/maintainer-account.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-05-03 18:21:34 -04:00
parent 4877035adb
commit b8bffb1251
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
file/audit/fortigate/maintainer-account.yaml
View File

@ -1,11 +1,15 @@
id: maintainer-account id: maintainer-account
info: info:
name: Maintainer Account Not Implemented name: Fortinet Maintainer Account - Detect
author: pussycat0x author: pussycat0x
severity: info severity: info
description: If the FortiGate is compromised and Password is not recoverable. A maintainer account can be used by an administrator with physical access to log into CLI.. description: In Fortinet, if a FortiGate is compromised and the password is not recoverable, a maintainer account can be used by an administrator with physical access to log into CLI.
reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: audit,config,file,firewall,fortigate tags: audit,config,file,firewall,fortigate
file: file:
@ -25,3 +29,5 @@ file:
- "config router" - "config router"
- "config firewall" - "config firewall"
condition: or condition: or
# Enhanced by md on 2023/05/03