# Copyright (C) 2006 Tenable Network Security # # This library may only be used in conjunction with the # Tenable passive vulnerability scanner (PVS). # # This library serves as a template file for companies # to use in the creation of a policy file. # # Several example plugins are included below. These plugins # detect Social Security numbers being hosted on web servers # or FTP servers. It could be easily expanded to look for clients # passing SSN information. # # This plugin will *not* detect user's passing social security numbers. # This plugin detects Social Security Numbers being stored on servers. # # Last Updated: $Date: 2009/04/06 20:33:18 $ id=9041 # no proxies, and only look at Web Servers, AOL IM, and Yahoo IM (for now). noplugin=1734 noplugin=3389 trigger-dependency dependency=1442 dependency=1723 dependency=1724 dependency=1270 dependency=1275 family=Data Leakage name=ssn number description=Detects SSN numbers nooutput risk=INFO match=ecurity match=umber regexi=.*ocial security.* NEXT id=9102 noplugin=1734 noplugin=3389 trigger-dependency dependency=1442 dependency=1723 dependency=1724 dependency=1270 dependency=1275 family=Data Leakage name=ssn number nooutput description=Social security info detected risk=INFO match=SSN NEXT id=9042 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=New Hampshire Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was New Hampshire - %L # Solution solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)00[1-3]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9043 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Maine Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Maine - %L # Solution solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)00[4-7]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9044 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Vermont Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Vermont - %L # Solution solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)00[89]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9045 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Massachusetts Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Massachusetts - %L # Solution solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)0([12][0-9]|3[0-4])( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9046 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Rhode Island Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Rhode Island - %L # Solution solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)03[5-9]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9047 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Connecticut Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Connecticut - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)04[0-9]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9048 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=New York Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was New York - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)(0[5-9][0-9]|1[0-2][0-9]|13[0-4])(\3)[0-9]{2}( |-|)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9049 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=New Jersey Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was New Jersey - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)1(3[5-9]|4[0-9]|5[0-8])( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9050 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Pennsylvania Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Pennsylvania - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)(159|1[6-9][0-9]|2(0[0-9]|11))(\3)[0-9]{2}( |-|)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9051 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Maryland Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Maryland - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)2(1[2-9]|20)( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9052 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Delaware Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Delaware - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)22[12]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9053 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Delaware Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Delaware - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)2(2[3-9]|3[01])( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9054 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=North Carolina Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was North Carolina - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)2(2[3-9]|3[01])( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9055 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=West Virginia Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was West Virginia - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)23[2-6]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9056 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=South Carolina Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was South Carolina - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)2(4[7-9]|5[01])( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9057 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Georgia Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Georgia - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)2(5[2-9]|60)( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9058 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Florida Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Florida - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)26[1-7]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9059 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Ohio Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Ohio - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)(30[0-2]|2(6[89]|[7-9][0-9]))( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9060 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Indiana Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Indiana - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)3(0[3-9]|1[0-7])( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9061 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Illinois Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Illinois - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)3(1[89]|[2-5][0-9]|6[01])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9062 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Michigan Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Michigan - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)3(6[2-9]|7[0-9]|8[0-6])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9063 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Wisconsin Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Wisconsin - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regex=(([^0-9\-]|^)3(8[7-9]|9[0-9])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9064 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Kentucky Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Kentucky - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)40[0-7]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9065 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Tennessee Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Tennessee - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)4(0[8-9]|1[0-5])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9066 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Alabama Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Alabama - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)4(1[6-9]|2[0-4])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9067 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Mississippi Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Mississippi - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)42[5-8]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9068 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Arkansas Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Arkansas - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)4(29|3[0-2])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9069 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Louisiana Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Louisiana - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)43[3-9]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9070 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Oklahoma Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Oklahoma - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)44[0-8]( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9071 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Texas Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Texas - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)4(49|5[0-9]|6[0-7])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9072 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Minnesota Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Minnesota - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)4(6[89]|7[0-7])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9073 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Iowa Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Iowa - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)4(7[89]|8[0-5])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9074 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Missouri Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Missouri - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=(([^0-9\-]|^)(48[6-9]|49[0-9]|500])( |-|)[0-9]{2}(\4)[0-9]{4}([^0-9A-Z\-]|$)) NEXT id=9075 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=North Dakota Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was North Dakota - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)50[12]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9076 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=South Dakota Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was South Dakota - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)50[34]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9077 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Nebraska Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Nebraska - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)50[5-8]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9078 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Kansas Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Kansas - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)5(09|1[0-5])( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9079 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Montanta Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Montanta - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)51[67]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9080 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Idaho Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Idaho - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)51[89]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9081 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Wyoming Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Wyoming - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)520( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9082 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Colorado Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Colorado - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)52[1-4]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9083 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=New Mexico Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was New Mexico - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)5[28]5( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9084 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Arizona Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Arizona - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)52[67]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9085 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Utah Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Utah - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)52[89]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9086 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Nevada Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Nevada - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)530( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9087 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Washington Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Washington - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)53[1-9]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9088 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Oregon Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Oregon - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)54[0-4]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9089 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=California Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was California - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)5(4[5-9]|[56][0-9]|7[0-3])( |-|)[0-9]{2}(\3)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9090 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Alaska Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Alaska - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)574( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9091 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Hawaii Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Hawaii - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)57[56]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9092 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=District of Columbia Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was District of Columbia - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)57[789]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9093 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Virgin Islands or Puerto Rico Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Virgin Islands or Puerto Rico - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)580( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9094 family=Data Leakage trigger-dependency dependency=9041 dependency=9102 # name of plugin name=Puerto Rico Social Security Number plaintext detection # describe what it means when this plugin fires description=The remote server is accepting Social Security Number information across the network in plaintext. An attacker, sniffing this session, would be able to gain confidential information which could be used for future attacks (such as Identity Theft). The sniffed SS number was Puerto Rico - %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. # What is the overall risk? risk=HIGH regexi=([^0-9\-]|^)58[1-4]( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$) NEXT id=9101 family=Data Leakage name=Generic Social Security Number detection on an FTP server clientissue sport=20 description=The remote server is hosting what appears to be Social Security numbers. The observed Social Security Number was %L solution=Ensure that end-users are trained regarding Internet and Privacy issues. risk=HIGH regexi=(Social Security|SSN|SS#) regexi=([^0-9\-]|^)[0-9]{3}( |-|)[0-9]{2}(\2)[0-9]{4}([^0-9A-Z\-]|$)