linux-account-lockout-threshold: Linux Account Lockout Threshold Check

日期: 2025-08-01 | 影响软件: Linux Account Lockout Threshold | POC: 已公开

漏洞描述

The system did not enforce an account lockout threshold, leaving it exposed to brute-force attacks through unrestricted login attempts.

PoC代码[已公开]

id: linux-account-lockout-threshold

info:
  name: Linux Account Lockout Threshold Check
  author: songyaeji
  severity: high
  description: |
    The system did not enforce an account lockout threshold, leaving it exposed to brute-force attacks through unrestricted login attempts.
  reference:
    - https://isms.kisa.or.kr/main/csap/notice/
  metadata:
    verified: true
  tags: local,linux,kisa,audit,compliance

self-contained: true

code:
  - engine:
      - bash
    source: |
      grep -E 'pam_tally2.so|pam_faillock.so' \
        /etc/pam.d/system-auth /etc/pam.d/password-auth /etc/pam.d/common-auth \
        2>/dev/null || echo "no-lockout-config"

    matchers:
      - type: word
        name: no-config
        part: response
        words:
          - "no-lockout-config"
# digest: 4b0a00483046022100ddbb8ad3614b22b608c14fd9c974fd7024e21bda73426b584045cf5f7270303d022100cd10a4cc0e4cf5302c7760c004a52a3ef979541703ca6130a740ec39dcb99c43:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./code/linux/audit/linux-account-lockout-threshold.yaml