nuclei-templates/file/audit/pfsense/known-default-account.yaml

31 lines
1.2 KiB
YAML

id: known-default-account
info:
name: PfSense Known Default Account - Detect
author: pussycat0x
severity: info
description: |
PfSense configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'.
reference: |
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
tags: audit,config,file,firewall,pfsense
file:
- extensions:
- xml
matchers-condition: and
matchers:
- type: word
words:
- "<name>admin</name>"
- "<descr><![CDATA[System Administrator]]></descr>"
- "<priv>user-shell-access</priv>"
condition: and
# Enhanced by md on 2023/05/04
# digest: 490a00463044022063556ee4b394affce60a28ef8106e7bafe299aaee1d4e84e1e295562373442bd022068de7e8f0dbacab446bc723067113de16f48cb61438deb36b1fa2a0d79d9236b:922c64590222798bb761d5b6d8e72950