Merge pull request #6862 from projectdiscovery/pussycat0x-patch-3

pfsense -known-default-account
2023-03-09 00:59:38 +05:30 · 2023-03-09 00:59:38 +05:30 · bcb690bd61
parent 63b4a232e5 ae4418e7c3
commit bcb690bd61
1 changed files with 27 additions and 0 deletions
--- a/file/audit/pfsense/known-default-account.yaml
+++ b/file/audit/pfsense/known-default-account.yaml
@ -0,0 +1,27 @@
+id: known-default-account
+
+info:
+  name: Known Default Account - Detect
+  author: pussycat0x
+  severity: info
+  description: |
+    In order to attempt access to known devices' platforms, attackers use the available database of the known default accounts for each platform or Operating System.
+    The known default accounts are often (without limiting to) the following: 'admin'.
+  reference: |
+    - https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
+  remediation: |
+    Deletes the known default accounts configured.
+  tags: firewall,config,audit,pfsense
+
+file:
+  - extensions:
+      - xml
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<name>admin</name>"
+          - "<descr><![CDATA[System Administrator]]></descr>"
+          - "<priv>user-shell-access</priv>"
+        condition: and