Improved zero logon overview UI and added password restoration warning to overview.

2021-02-25 15:24:03 +02:00 · 2021-02-25 15:24:03 +02:00 · 94ac75e649
parent 8b7e0d0fa0
commit 94ac75e649
2 changed files with 3 additions and 8 deletions
--- a/monkey/monkey_island/cc/services/reporting/report.py
+++ b/monkey/monkey_island/cc/services/reporting/report.py
@ -715,8 +715,7 @@ class ReportService:
                elif issue['type'] == 'drupal':
                    issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True
                elif issue['type'] == 'zerologon':
-                    # TODO fix to propperly set restoration flag
-                    if issue['info']['zero_logon_restore_failed']:
+                    if issue['password_restored']:
                        issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON_CRED_RESTORE_FAILED.value] = True
                    issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True
                elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
--- a/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
+++ b/monkey/monkey_island/cc/ui/src/components/report-components/SecurityReport.js
@ -306,10 +306,6 @@ class ReportPageComponent extends AuthComponent {
                    <li>Drupal servers are susceptible to a remote code execution vulnerability
                      (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340">
                      CVE-2019-6340</a>).</li> : null}
-                  {this.state.report.overview.issues[this.Issue.ZEROLOGON] ?
-                    <li>Machines are vulnerable to 'Zerologon'
-                      (<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
-                      CVE-2020-1472</a>).</li> : null}
                  {this.generateZeroLogonOverview()}
                </ul>
              </div>
@ -375,14 +371,14 @@ class ReportPageComponent extends AuthComponent {
    if(this.state.report.overview.issues[this.Issue.ZEROLOGON_CRED_RESTORE_FAILED]) {
      zeroLogonOverview.push(<span>
        <WarningIcon/> Automatic password restoration on a domain controller failed!
-        <Button variant={"link"} href={"#"} className={'security-report-link'}>
+        <Button variant={"link"} href={"#"} target={"_blank"} className={"security-report-link"}>
        Restore your domain controller's password manually.</Button>
        </span>)
    }
    if(this.state.report.overview.issues[this.Issue.ZEROLOGON]) {
      zeroLogonOverview.push(<>
          Some domain controllers are vulnerable to ZeroLogon exploiter(
-        <a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
+        <a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472" target={"_blank"}>
                      CVE-2020-1472</a>)!
        </>)
    } else {