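id: weak-password-complexity

info:
  name: Linux Password Complexity Not Enforced
  author: songyaeji
  severity: high
  description: |
    The system did not enforce password complexity policies. This allowed weak passwords to be used, increasing the risk of unauthorized access through brute-force or dictionary attacks.
  reference:
    - https://isms.kisa.or.kr/main/csap/notice/
  metadata:
    verified: true
  tags: linux,audit,kisa,compliance,local

# Local (code-protocol) audit: runs on the scanning host itself, no target needed.
self-contained: true

code:
  # code_1_response: system-wide pwquality settings (empty if the file is absent).
  - engine:
      - sh
      - bash
    source: |
      cat /etc/security/pwquality.conf 2>/dev/null || true

  # code_2_response: PAM stack lines that load pam_pwquality (RHEL and Debian
  # family paths; empty if neither file exists or neither references the module).
  - engine:
      - sh
      - bash
    source: |
      grep pam_pwquality.so /etc/pam.d/system-auth /etc/pam.d/common-password 2>/dev/null || true

# Any single weak-configuration signal is enough to report the finding.
matchers-condition: or
matchers:
  - type: regex
    part: code_1_response
    name: password-quality
    # (?m)^\s* anchors each pattern to the start of a line so the commented-out
    # defaults shipped in pwquality.conf ("# minlen = 8", "# dcredit = 0", ...)
    # are not mistaken for active settings; \b stops "[0-7]" from matching the
    # first digit of "minlen = 10" / "12" / "14".
    regex:
      - '(?m)^\s*minlen\s*=\s*[0-7]\b' # Minimum length below 8 characters
      # For the *credit settings only a negative value imposes a minimum count
      # of that class; 0 or a positive value is a credit, i.e. no requirement.
      - '(?m)^\s*dcredit\s*=\s*[0-9]+\b' # No digit requirement
      - '(?m)^\s*ucredit\s*=\s*[0-9]+\b' # No uppercase requirement
      - '(?m)^\s*lcredit\s*=\s*[0-9]+\b' # No lowercase requirement
      - '(?m)^\s*ocredit\s*=\s*[0-9]+\b' # No special character requirement
    condition: or

  # pam_pwquality is not loaded by the PAM password stack at all, so the
  # settings above are never applied. (Without negative: true this matcher
  # fired on every host that HAD the module configured, the compliant state.)
  - type: word
    part: code_2_response
    name: pam
    words:
      - "pam_pwquality.so"
    negative: true

  # The module is loaded but root is exempt from the policy.
  - type: word
    part: code_2_response
    name: root-not-enforced
    words:
      - "enforce_for_root"
    negative: true
# digest: 4a0a0047304502205eadb4120795f68664a87a1dab81fc7689129a557e7015183bde1abbb79a45dd022100bd33c36e4f6b2b0e4451d33097cfced790ae0cb8289e7f259926e220a243b895:922c64590222798bb761d5b6d8e72950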