id: allow-untrusted-certificates

info:
  name: System Allows Untrusted Certificates
  author: princechaddha
  severity: medium
  description: Checks if the system allows untrusted certificates to be installed.
  impact: |
    Installing untrusted certificates can lead to man-in-the-middle attacks and data theft.
  remediation: |
    Ensure that untrusted certificates are blocked and only allow trusted certificates to be installed.
  tags: certificates,untrusted,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    pattern: "*.ps1"
    source: |
      $certs = Get-ChildItem -Path Cert:\CurrentUser\Disallowed; if ($certs.Count -gt 0) { "Misconfigured certificates detected:`n" + ($certs.Subject -join "`n") } else { "No untrusted certificates detected." }

    matchers:
      - type: word
        words:
          - "Misconfigured certificates detected"
# digest: 490a00463044022037ccc8b7b278209cac3d7a3c509ae602ca7450ddb8140b3f7b309b6fddbf548302203cc568d0773a006016cfa825bdb24569e971fb5833708a232f8100d5497718ad:922c64590222798bb761d5b6d8e72950