id: password-protected-consolemenu info: name: PfSense Consolemenu Password Protection Not Implememnted - Detect author: pussycat0x severity: info description: | PfSense password protection via the Console Menu is recommended to be configured. An unattended computer with an open Console Menu session can allow an unauthorized user access to the firewall management. reference: | https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0 cwe-id: CWE-200 metadata: verified: true tags: firewall,config,audit,pfsense,file file: - extensions: - xml matchers-condition: and matchers: - type: word words: - "" - "1" condition: or negative: true - type: word words: - "" - "" - "" condition: and # Enhanced by md on 2023/05/04 # digest: 490a00463044022012ee67126f50b5cf259b101b1f2b9ea34d9675f8d1741eb4edfb87b4abfeca6202207f3522cd9d8e35fe7d2dcccc815c28638b0799ceded0dbeea3572cb3f612e891:922c64590222798bb761d5b6d8e72950