Hi, On 03.01.2017 18:24, Reindl Harald wrote: > > Am 03.01.2017 um 18:17 schrieb Christian Fischer: >> On 03.01.2017 17:56, Reindl Harald wrote: >>> Am 03.01.2017 um 17:46 schrieb Michael Meyer: >>>> *** Reindl Harald wrote: >>>> >>>>> the scan is from yesterday, the issues are months old (includinmg >>>>> the openssh windows bruteforce nonsense on linux machines with >>>>> key-only-auth on recent Fedora steups) >>>> >>>> "openssh windows bruteforce nonsense on linux machines"? >>> >>> * no windows machine >>> * no 'auth_password' at all >>> * linux distributions don't raise version numbers but release fixes >>> >>> hence flagged as false positive yesterday since i not no longer can see >>> that red colored nonsense initially reported months ago >>> >>> High (CVSS: 7.8) >>> NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows) >>> (OID: 1.3.6.1.4.1.25623.1.0.809121) >>> Product detection result: cpe:/a:openbsd:openssh:7.2 by SSH Server type >>> and version (OID: 1.3.6.1.4.1.25623.1.0.10267) >>> >>> Installed version: 7.2 >>> Fixed version: 7.3 >> >> it would make sense if you provide your used feed version: >> >> GSA: >> >> Administration -> NVT Feed (OpenVAS 8 and below) >> Extras -> Feed status (OpenVAS 9+) > > as you can see in this thread the last feed update failed but it should > have been fixed at least *two months* before > > on machines with the settings below talking about 'auth_password' is > wrong to begin with as long you are not been able as scanner to find any > exception where password logins are allowed at all > > PasswordAuthentication no > ChallengeResponseAuthentication no > GSSAPIAuthentication no > GSSAPICleanupCredentials no
instead of pointing fingers it would really help if you just provide the asked information about your feed status as well as the output of the NVT "OS Detection Consolidation (1.3.6.1.4.1.25623.1.0.105937)". Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
