AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Nessus network scanner2/19/2023 This becomes a serious problem if an attacker gains access to your network. Because password authentication is symmetric in nature, it is important to understand that Nessus will be sending the configured credentials to every SSH service on the tested networks. If Secure Shell (SSH) via password authentication is used as Nessus’s means of authentication for hosts to be tested (as it commonly is for Linux systems), then these administrative credentials are being given to every host with an IP address on your network. Herein lies the problem that we will be discussing. In this case, the administrator will configure Nessus to perform the Credentialed Patch Audit scan on all subnets the said administrator is responsible for. Many administrators who opt to perform a Credentialed Patch Audit will either create a local administrator account on all hosts to be scanned or will use an existing administrator account for this purpose. Since this method of testing may rely on actually exploiting the service in question, this method of testing carries a degree of risk associated with it, as well as a high number of false positives and false negatives.Ĭredentialed Patch Audits differ from this by instead logging into the target hosts with configured credentials and checking to see if those hosts are patched against known vulnerabilities. These blackbox tests are launched against the various services running on a target, and depending on the way that service responds, Nessus reports its judgment on whether that service is affected by the tested vulnerability. This is opposed to the basic, blackbox network-based unauthenticated scan that entails launching several network-based vulnerability tests against a set of hosts. In this post, we will be discussing authenticated scans such as the Credentialed Patch Audit offered by Nessus. We will then show you how to leverage this weakness yourself as a proof-of-concept and show you how to remediate this vulnerability so that you are no longer affected.Īuthenticated vs. In this blog post, we will be covering a misconfiguration common in Nessus installations across organizations and detailing how this misconfiguration can have lethal consequences for your network’s security posture. Security is a complex goal and requires in-depth knowledge of the inner workings of your systems and how they interact with each other. Nessus is the vulnerability scanner of choice by administrators and security professionals alike, but adding a security appliance to your network doesn’t necessarily make you more secure. If used, it is the equivalent of saying, “Welcome to the network! Oh, and here’s the admin password for all our assets!” to every host that appears on your network. There is a terrible, yet surprisingly common, Nessus authenticated scanning configuration that could be the bane of your network during a compromise. Have you configured Nessus to betray you? Introduction
0 Comments
Read More
Leave a Reply. |