Hello All, I'm having an issue that I thought I had previously corrected. I am seeing OpenVAS trying to login into my devices with a number (90 to be exact) of default accounts (ro, anonymous, MDaemon, superadmin, at4400, mediator, OpenVAS, sysadm, PBX, user, volition, etc etc).
I created a new 'Scan Config' using the 'Full and Fast' template but I went ahead and disabled the 'Brute force attacks' field. I also went ahead and backed up the default_credentials.inc file and proceeded to remove all of the users that were in this file. This seemed to have worked a few weeks ago, but yesterday it appears that this file was copied over during an update. When I ran another scan, it appears that OpenVAS once again started using the default accounts even though the 'Brute force attacks' field is still disabled in my 'Scan Config's file. I don't quite understand what I'm missing or doing wrong. Any help would me greatly appreciated. Thank you! Mat
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
