On 08/20/07 10:11, Lad, Amit wrote: > After the August Microsoft Plugins were updated by my direct feed, my > first was successful with no issues. But the next day, for some reason > my scan is detecting PLUGIN ID 10394, which is the SMB Login > vulnerability. I checked and double-checked that this plug-in is not > enabled in the plugin list, but it is still showing as a vulnerability.
Plugin #10394 is a dependency of many plugins that do local checks against Windows systems. More than likely, it was run because you had enabled plugin dependencies. As for why it's reporting now... that was likely a bug I introduced in migrating to CVSS v2 last week -- instead of reporting a security hole if it could log in as administrator w/o a password, it was reporting a hole if it could simply login in, even if that was done with credentials. Again, that was a mistake, and I apologize for any inconvenience that's caused. A new version of the plugin should become available via nessus-update-plugins in a couple of hours. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
