PfSense Known Default Account - Detect
ID: known-default-account
Severity: info
Author: pussycat0x
Tags: audit,config,file,firewall,pfsense
Description
Section titled “Description”PfSense configured known default accounts are recommended to be deleted. In order to attempt access to known devices’ platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, ‘admin’.
YAML Source
Section titled “YAML Source”id: known-default-account
info: name: PfSense Known Default Account - Detect author: pussycat0x severity: info description: | PfSense configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'. reference: | - https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0 cwe-id: CWE-200 tags: audit,config,file,firewall,pfsense
file: - extensions: - xml
matchers-condition: and matchers: - type: word words: - "<name>admin</name>" - "<descr><![CDATA[System Administrator]]></descr>" - "<priv>user-shell-access</priv>" condition: and
# Enhanced by md on 2023/05/04# digest: 490a004630440220030815d5084c713b40abb07cb9dcd2c1395f2f17227825b69ff01fd3270a60d402207b19676f1591c543224f59277dbd55a6480857af4a0ba4882fca604bd1573ce6:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "file/audit/pfsense/known-default-account.yaml"