CCE-99060-6| Platform: cpe:/o:apple:mac_os_12 | Date: (C)2022-05-31 (M)2023-07-04 |
A policy banner is an additional window that is displayed during the login process. It requires users to acknowledge the contents of the banner by clicking an "Accept" button before proceeding to log in. Often used to supplement the lock screen message text, and to warn people of permitted system actions and possible legal consequences of misuse. In the macOS benchmark, enforcing a policy banner is proposed to dissuade the attacker from accessing the system. The presence of the banner may also help during prosecution.
Parameter:
[Warning: Authorized users only.]
Technical Mechanism:
/bin/echo "$PolicyBannerText" "/Library/Security/PolicyBanner.txt"
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 5.9 | Attack Vector: LOCAL |
| Exploit Score: 2.5 | Attack Complexity: LOW |
| Impact Score: 3.4 | Privileges Required: NONE |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: LOW |
| | Availability: LOW |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80494 |
