Thanks George, Excuse me, in last mail I said I have disabled all plugins, but really, all ports scanners are enabled. Also, I can do telnet from others machines: telnet service is enabled and I can login with root.
another idea? Regards, Jos� Luis
--- Begin Message ---On Tue, Jun 03, 2003 at 11:33:22AM +0200, ARRIBAS SIMON-Jose-Luis wrote: > In order to do some test, I have disabled > all plugins from the windows console and I have enabled "Default Unix > Accounts" plugins family (one plugin of this family is "Default password > (root) for root"), and I have changed the account "root" password: now > is root. After, I have scanned this test machine (Solaris 2.5), but the > result is: > > 0 Holes > 0 warnings > 0 infos Ok, first of all, you don't appear to have selected any port scanners. Is this right? Unless you do, nessus will consider the host dead and won't run any non-scanner plugins against it. Also, account_root_root.nasl, the plugin you've selected, works by trying to telnet to the host and logging in as root/root. I don't know about stock Solaris 2.5 boxes, but I wouldn't be surprised if (1) your host doesn't allow root logins except from the console and (2) telnet is disabled completely. If either of these holds true for your target, Nessus won't uncover this vulnerability. George -- [EMAIL PROTECTED]
pgp00000.pgp
Description: PGP signature
--- End Message ---
