forked from p15670423/monkey
Improved zero logon overview UI and added password restoration warning to overview.
This commit is contained in:
parent
8b7e0d0fa0
commit
94ac75e649
|
@ -715,8 +715,7 @@ class ReportService:
|
|||
elif issue['type'] == 'drupal':
|
||||
issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True
|
||||
elif issue['type'] == 'zerologon':
|
||||
# TODO fix to propperly set restoration flag
|
||||
if issue['info']['zero_logon_restore_failed']:
|
||||
if issue['password_restored']:
|
||||
issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON_CRED_RESTORE_FAILED.value] = True
|
||||
issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True
|
||||
elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
|
||||
|
|
|
@ -306,10 +306,6 @@ class ReportPageComponent extends AuthComponent {
|
|||
<li>Drupal servers are susceptible to a remote code execution vulnerability
|
||||
(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6340">
|
||||
CVE-2019-6340</a>).</li> : null}
|
||||
{this.state.report.overview.issues[this.Issue.ZEROLOGON] ?
|
||||
<li>Machines are vulnerable to 'Zerologon'
|
||||
(<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
|
||||
CVE-2020-1472</a>).</li> : null}
|
||||
{this.generateZeroLogonOverview()}
|
||||
</ul>
|
||||
</div>
|
||||
|
@ -375,14 +371,14 @@ class ReportPageComponent extends AuthComponent {
|
|||
if(this.state.report.overview.issues[this.Issue.ZEROLOGON_CRED_RESTORE_FAILED]) {
|
||||
zeroLogonOverview.push(<span>
|
||||
<WarningIcon/> Automatic password restoration on a domain controller failed!
|
||||
<Button variant={"link"} href={"#"} className={'security-report-link'}>
|
||||
<Button variant={"link"} href={"#"} target={"_blank"} className={"security-report-link"}>
|
||||
Restore your domain controller's password manually.</Button>
|
||||
</span>)
|
||||
}
|
||||
if(this.state.report.overview.issues[this.Issue.ZEROLOGON]) {
|
||||
zeroLogonOverview.push(<>
|
||||
Some domain controllers are vulnerable to ZeroLogon exploiter(
|
||||
<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
|
||||
<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472" target={"_blank"}>
|
||||
CVE-2020-1472</a>)!
|
||||
</>)
|
||||
} else {
|
||||
|
|
Loading…
Reference in New Issue