mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-10 12:43:29 +08:00
27 lines
846 B
YAML
27 lines
846 B
YAML
id: insecure-tty-permissions
|
|
|
|
info:
|
|
name: macOS World-Readable TTY Devices
|
|
author: geeknik
|
|
severity: medium
|
|
description: |
|
|
Checks if TTY devices are readable by all users, potentially allowing session snooping.
|
|
impact: |
|
|
If TTYs are readable by all users, it may be possible for an attacker to sniff sensitive information from other users' sessions.
|
|
remediation: |
|
|
Ensure that TTYs are not readable by all users.
|
|
tags: macos,audit,local,security,tty
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
ls -l /dev/tty*
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "crw-rw-rw-.*"
|
|
# digest: 4a0a00473045022100e4abc01b85856b24dcdfa381e0bd89e145134b9bc22ca800b319461178c681740220239dac32ccb77f5a93dacc9aade8a0607f2f3fe0817dd862557c49551ef40cea:922c64590222798bb761d5b6d8e72950 |