id: configure-session-timeout info: name: PfSense Configure Sessions Timeout Not Set - Detect author: pussycat0x severity: info description: | Configure sessions timeout is recommended to be enabled. An indefinite or even long session timeout window can increase the risk of an attacker abusing abandoned sessions and potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. reference: | https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0 cwe-id: CWE-200 metadata: verified: true tags: firewall,config,audit,pfsense,file file: - extensions: - xml matchers-condition: and matchers: - type: word words: - "" - "0" condition: or negative: true - type: word words: - "" - "" - "" condition: and # Enhanced by md on 2023/05/04 # digest: 4b0a004830460221008eba08b85ba95940807021dd80e8d2aa75fabfbe6706871968b674720671fa85022100cc57c109bd39376341a80bf84d4c5ef3f2a6f396792ca7ea3876860f54cf38d6:922c64590222798bb761d5b6d8e72950