Am 03.01.2017 um 18:17 schrieb Christian Fischer:
On 03.01.2017 17:56, Reindl Harald wrote:
Am 03.01.2017 um 17:46 schrieb Michael Meyer:
*** Reindl Harald wrote:
the scan is from yesterday, the issues are months old (includinmg
the openssh windows bruteforce nonsense on linux machines with
key-only-auth on recent Fedora steups)
"openssh windows bruteforce nonsense on linux machines"?
* no windows machine
* no 'auth_password' at all
* linux distributions don't raise version numbers but release fixes
hence flagged as false positive yesterday since i not no longer can see
that red colored nonsense initially reported months ago
High (CVSS: 7.8)
NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809121)
Product detection result: cpe:/a:openbsd:openssh:7.2 by SSH Server type
and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
Installed version: 7.2
Fixed version: 7.3
it would make sense if you provide your used feed version:
GSA:
Administration -> NVT Feed (OpenVAS 8 and below)
Extras -> Feed status (OpenVAS 9+)
as you can see in this thread the last feed update failed but it should
have been fixed at least *two months* before
on machines with the settings below talking about 'auth_password' is
wrong to begin with as long you are not been able as scanner to find any
exception where password logins are allowed at all
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
