nuclei-templates/file/audit/pfsense/configure-session-timeout.yaml

40 lines
1.1 KiB
YAML

id: configure-session-timeout
info:
name: PfSence Configure Sessions Timeout Not Set - Detect
author: pussycat0x
severity: info
description: |
Configure sessions timeout is recommended to be enabled. An indefinite or even long session timeout window can increase the risk of an attacker abusing abandoned sessions and potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
reference: |
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
verified: true
tags: firewall,config,audit,pfsense,file
file:
- extensions:
- xml
matchers-condition: and
matchers:
- type: word
words:
- "<session_timeout>"
- "<session_timeout>0</session_timeout>"
condition: or
negative: true
- type: word
words:
- "<pfsense>"
- "<webgui>"
- "<system>"
condition: and
# Enhanced by md on 2023/05/04