generic.secrets.security.detected-etc-shadow.detected-etc-shadow

Community Favorite
Author: semgrep
Download count: 42,313

Linux shadow file detected

Definition

rules:
  - id: detected-etc-shadow
    patterns:
      - pattern-regex: ^(\s*)(?P<ROOT>root:[x!*]*:[0-9]*:[0-9]*)
      - focus-metavariable: $ROOT
    languages:
      - regex
    message: linux shadow file detected
    severity: ERROR
    metadata:
      cwe:
        - "CWE-798: Use of Hard-coded Credentials"
      category: security
      technology:
        - secrets
      confidence: LOW
      owasp:
        - A07:2021 - Identification and Authentication Failures
      references:
        - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: MEDIUM
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Hard-coded Secrets

Examples

detected-etc-shadow.txt

# ruleid: detected-etc-shadow
root::17431:0:99999:7:::
daemon:*:17431:0:99999:7:::
bin:*:17431:0:99999:7:::
sys:*:17431:0:99999:7:::
sync:*:17431:0:99999:7:::
games:*:17431:0:99999:7:::
man:*:17431:0:99999:7:::
lp:*:17431:0:99999:7:::
mail:*:17431:0:99999:7:::
news:*:17431:0:99999:7:::
uucp:*:17431:0:99999:7:::
proxy:*:17431:0:99999:7:::
www-data:*:17431:0:99999:7:::
backup:*:17431:0:99999:7:::
list:*:17431:0:99999:7:::
irc:*:17431:0:99999:7:::
gnats:*:17431:0:99999:7:::
nobody:*:17431:0:99999:7:::
sshd:*:17431:0:99999:7:::
ubuntu:$6$LnUhhUi45srUKt9i$4Hp6VRTOB2mxvsYH8mwsCfBryg6hCbm4JJjV26KplN8ewZ7EUVqQDkLKDW.O8XRHx.B76JkwXtyD3wnAXEuZN1:0:99999:7:::
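
An added example (not part of the rule page or the rule's own test file) that runs the rule's `pattern-regex` over constructed inputs to show which lines it flags and which it misses. Python's `re` in multiline mode stands in for Semgrep's regex engine; the sample strings, the placeholder hash and the function names are assumptions.

```python
import re

# Regex copied verbatim from the rule's pattern-regex. Semgrep matches it in
# multiline mode; re.MULTILINE is used here as a stand-in (assumption).
RULE = re.compile(r"^(\s*)(?P<ROOT>root:[x!*]*:[0-9]*:[0-9]*)", re.MULTILINE)

# Constructed sample inputs; the hash value is a placeholder, not a real hash.
SAMPLES = {
    "shadow_empty_root": "root::17431:0:99999:7:::\ndaemon:*:17431:0:99999:7:::\n",
    "shadow_locked_root": "root:!:17431:0:99999:7:::\n",
    "shadow_hashed_root": "root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17431:0:99999:7:::\n",
    "passwd_file": "root:x:0:0:root:/root:/bin/bash\n",
    "non_root_only": "ubuntu:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17431:0:99999:7:::\n",
    "indented_embed": "data: |\n    root:*:17431:0:99999:7:::\n",
}


def findings(text):
    """Return (line_number, matched_text) per hit, narrowed to the ROOT group
    the way focus-metavariable: $ROOT narrows the reported range."""
    hits = []
    for m in RULE.finditer(text):
        line = text.count("\n", 0, m.start("ROOT")) + 1
        hits.append((line, m.group("ROOT")))
    return hits


def scan_all():
    """Run the rule regex over every constructed sample."""
    return {name: findings(text) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name:20} {hits if hits else 'no finding'}")
```

A root entry whose password field holds an actual hash is not matched, and a passwd-style `root:x:0:0` line is, which is consistent with the rule's `confidence: LOW` and `subcategory: audit` metadata.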