daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: file/audit/pfsense/known-default-account.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-05-04 11:24:28 -04:00
parent 7af50a25f0
commit e9ae0ed538
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
file/audit/pfsense/known-default-account.yaml
View File

@ -1,16 +1,17 @@
id: known-default-account
info:
name: Known Default Account - Detect
name: Netgate Known Default Account - Detect
author: pussycat0x
severity: info
description: |
In order to attempt access to known devices' platforms, attackers use the available database of the known default accounts for each platform or Operating System.
The known default accounts are often (without limiting to) the following: 'admin'.
Netgate configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'.
reference: |
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
remediation: |
Deletes the known default accounts configured.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: audit,config,file,firewall,pfsense
file:
@ -25,3 +26,5 @@ file:
- "<descr><![CDATA[System Administrator]]></descr>"
- "<priv>user-shell-access</priv>"
condition: and
# Enhanced by md on 2023/05/04