31 lines
1.2 KiB
YAML
31 lines
1.2 KiB
YAML
id: known-default-account
|
|
|
|
info:
|
|
name: PfSense Known Default Account - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
PfSense configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'.
|
|
reference: |
|
|
- https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
|
cvss-score: 0
|
|
cwe-id: CWE-200
|
|
tags: audit,config,file,firewall,pfsense
|
|
|
|
file:
|
|
- extensions:
|
|
- xml
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "<name>admin</name>"
|
|
- "<descr><![CDATA[System Administrator]]></descr>"
|
|
- "<priv>user-shell-access</priv>"
|
|
condition: and
|
|
|
|
# Enhanced by md on 2023/05/04
|
|
# digest: 490a00463044022063556ee4b394affce60a28ef8106e7bafe299aaee1d4e84e1e295562373442bd022068de7e8f0dbacab446bc723067113de16f48cb61438deb36b1fa2a0d79d9236b:922c64590222798bb761d5b6d8e72950 |