28 lines
851 B
YAML
28 lines
851 B
YAML
id: known-default-account
|
|
|
|
info:
|
|
name: Known Default Account - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
In order to attempt access to known devices' platforms, attackers use the available database of the known default accounts for each platform or Operating System.
|
|
The known default accounts are often (without limiting to) the following: 'admin'.
|
|
reference: |
|
|
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
|
|
remediation: |
|
|
Deletes the known default accounts configured.
|
|
tags: firewall,config,audit,pfsense
|
|
|
|
file:
|
|
- extensions:
|
|
- xml
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "<name>admin</name>"
|
|
- "<descr><![CDATA[System Administrator]]></descr>"
|
|
- "<priv>user-shell-access</priv>"
|
|
condition: and
|