p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

UI: Check for actual stolen credentials in issues

This commit is contained in:
Ilija Lazoroski 2022-07-15 11:03:41 +02:00
parent 89f5ff89d2
commit bfda71dd45
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
View File

@ -622,6 +622,9 @@ class ReportPageComponent extends AuthComponent {
isStolenCredentialsIssue(issue) {
return ( Object.prototype.hasOwnProperty.call(issue, 'credential_type') &&
(getCredentialsSecrets(this.state.stolenCredentials, 'password').includes(issue.password) ||
getCredentialsSecrets(this.state.configuredCredentials, 'nt_hash').includes(issue.password) ||
getCredentialsSecrets(this.state.configuredCredentials, 'lm_hash').includes(issue.password)) &&
(issue.credential_type === 'PASSWORD' ||
issue.credential_type === 'NT_HASH' ||
issue.credential_type === 'LM_HASH'))