pfsense -known-default-account

2023-03-08 21:20:47 +05:30 · 2023-03-08 21:20:47 +05:30 · c69f354a49
parent 83898c13d6
commit c69f354a49
1 changed files with 27 additions and 0 deletions
--- a/file/audit/pfsense/known-default-account.yaml
+++ b/file/audit/pfsense/known-default-account.yaml
@ -0,0 +1,27 @@
+id: known-default-account
+
+info:
+  name: Known Default Account - Detected
+  author: pussycat0x
+  severity: info
+  description: |
+    In order to attempt access to known devices' platforms, attackers use the available database of the known default accounts for each platform or Operating System.
+    The known default accounts are often (without limiting to) the following: 'admin'.
+  reference: |
+    https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
+  remediation: |
+    Deletes the known default accounts configured.
+  tags: firewall,config,audit,pfsense
+
+file:
+  - extensions:
+      - xml
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<name>admin</name>"
+          - "<descr><![CDATA[System Administrator]]></descr>"
+          - "<priv>user-shell-access</priv>"
+        condition: and