UI: Remove WeakPassword issue

* We don't have the passwords used for exploiting the machines
  in the UI
* All it will be reworked
This commit is contained in:
Ilija Lazoroski 2022-07-15 15:58:22 +02:00
parent 1683265868
commit c65439e049
2 changed files with 2 additions and 26 deletions

View File

@ -37,7 +37,6 @@ import {
} from './security/issues/SharedPasswordsIssue'; } from './security/issues/SharedPasswordsIssue';
import {tunnelIssueReport, tunnelIssueOverview} from './security/issues/TunnelIssue'; import {tunnelIssueReport, tunnelIssueOverview} from './security/issues/TunnelIssue';
import {stolenCredsIssueOverview} from './security/issues/StolenCredsIssue'; import {stolenCredsIssueOverview} from './security/issues/StolenCredsIssue';
import {weakPasswordIssueOverview} from './security/issues/WeakPasswordIssue';
import {strongUsersOnCritIssueReport} from './security/issues/StrongUsersOnCritIssue'; import {strongUsersOnCritIssueReport} from './security/issues/StrongUsersOnCritIssue';
import { import {
zerologonIssueOverview, zerologonIssueOverview,
@ -45,7 +44,7 @@ import {
zerologonOverviewWithFailedPassResetWarning zerologonOverviewWithFailedPassResetWarning
} from './security/issues/ZerologonIssue'; } from './security/issues/ZerologonIssue';
import {powershellIssueOverview, powershellIssueReport} from './security/issues/PowershellIssue'; import {powershellIssueOverview, powershellIssueReport} from './security/issues/PowershellIssue';
import {getCredentialsSecrets, getCredentialsUsernames} from './credentialParsing'; import {getCredentialsSecrets} from './credentialParsing';
import UsedCredentials from './security/UsedCredentials'; import UsedCredentials from './security/UsedCredentials';
@ -148,10 +147,6 @@ class ReportPageComponent extends AuthComponent {
[this.issueContentTypes.REPORT]: strongUsersOnCritIssueReport, [this.issueContentTypes.REPORT]: strongUsersOnCritIssueReport,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
}, },
'weak_password': {
[this.issueContentTypes.OVERVIEW]: weakPasswordIssueOverview,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER
},
'stolen_creds': { 'stolen_creds': {
[this.issueContentTypes.OVERVIEW]: stolenCredsIssueOverview, [this.issueContentTypes.OVERVIEW]: stolenCredsIssueOverview,
[this.issueContentTypes.TYPE]: this.issueTypes.DANGER [this.issueContentTypes.TYPE]: this.issueTypes.DANGER
@ -596,30 +591,17 @@ class ReportPageComponent extends AuthComponent {
let overview_issues = []; let overview_issues = [];
for(let i=0; i < issues.length; i++) { for(let i=0; i < issues.length; i++) {
if (this.isWeakCredentialsIssue(issues[i])) { if (this.isStolenCredentialsIssue(issues[i])) {
overview_issues.push('weak_password')
} else if (this.isStolenCredentialsIssue(issues[i])) {
overview_issues.push('stolen_creds'); overview_issues.push('stolen_creds');
} else { } else {
overview_issues.push(issues[i]) overview_issues.push(issues[i])
} }
} }
const newOverview = { ...report.overview, issues : overview_issues }; const newOverview = { ...report.overview, issues : overview_issues };
const newReport = { ...report, overview : newOverview }; const newReport = { ...report, overview : newOverview };
return newReport; return newReport;
} }
isWeakCredentialsIssue(issue) {
return (Object.prototype.hasOwnProperty.call(issue, 'credential_type') &&
issue.credential_type === 'PASSWORD' &&
getCredentialsSecrets(this.state.configuredCredentials, 'password').includes(issue.password) &&
getCredentialsUsernames(this.state.configuredCredentials).includes(issue.username))
}
isStolenCredentialsIssue(issue) { isStolenCredentialsIssue(issue) {
return ( Object.prototype.hasOwnProperty.call(issue, 'credential_type') && return ( Object.prototype.hasOwnProperty.call(issue, 'credential_type') &&
(getCredentialsSecrets(this.state.stolenCredentials, 'password').includes(issue.password) || (getCredentialsSecrets(this.state.stolenCredentials, 'password').includes(issue.password) ||

View File

@ -1,6 +0,0 @@
import React from 'react';
export function weakPasswordIssueOverview() {
return (<li>Machines are accessible using passwords supplied by the user during the Monkeys
configuration.</li>)
}