nuclei-templates/file/audit/pfsense/known-default-account.yaml

28 lines
851 B
YAML

id: known-default-account
info:
name: Known Default Account - Detect
author: pussycat0x
severity: info
description: |
In order to attempt access to known devices' platforms, attackers use the available database of the known default accounts for each platform or Operating System.
The known default accounts are often (without limiting to) the following: 'admin'.
reference: |
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
remediation: |
Deletes the known default accounts configured.
tags: firewall,config,audit,pfsense
file:
- extensions:
- xml
matchers-condition: and
matchers:
- type: word
words:
- "<name>admin</name>"
- "<descr><![CDATA[System Administrator]]></descr>"
- "<priv>user-shell-access</priv>"
condition: and