[Openvas-discuss] SMB credentials not accepted

Lucyga Dierk Dierk.Lucyga at cancom.de
Fri Aug 13 16:43:53 CEST 2010


Hi all,

my config is as follows:

openvas-libraries 3.1.2
openvas-scanner 3.1.0
openvas-manager 1.0.1
gsa 1.0.1

When I try to enter SMB credentials only the domain and userid are uploaded, not the password. This is reflected in the manager log:

-------- CUT -------- HERE --------
md    omp:  DEBUG:2010-08-13 14h57.03 utc :767: -> client: <preference><nvt oid="1.3.6.1.4.1.25623.1.0.90023"><name>SMB Authorization</name></nvt><name>SMB domain (optional):</name><type>entry</type><value>testdomain</value></preference>

md   main:  DEBUG:2010-08-13 14h57.03 utc :767:    sql_x: SELECT value FROM config_preferences WHERE config = 7 AND name = 'SMB Authorization[entry]:SMB login:' ORDER BY type

md   main:  DEBUG:2010-08-13 14h57.03 utc :767:    sql_x end

md   main:  DEBUG:2010-08-13 14h57.03 utc :767:    sql_x: SELECT oid FROM nvts WHERE name = 'SMB Authorization' LIMIT 1;

md   main:  DEBUG:2010-08-13 14h57.03 utc :767:    sql_x end

md    omp:  DEBUG:2010-08-13 14h57.03 utc :767: -> client: <preference><nvt oid="1.3.6.1.4.1.25623.1.0.90023"><name>SMB Authorization</name></nvt><name>SMB login:</name><type>entry</type><value>testadmin</value></preference>

md   main:  DEBUG:2010-08-13 14h57.03 utc :767:    sql_x: SELECT value FROM config_preferences WHERE config = 7 AND name = 'SMB Authorization[password]:SMB password:' ORDER BY type

md   main:  DEBUG:2010-08-13 14h57.03 utc :767:    sql_x end

md   main:  DEBUG:2010-08-13 14h57.03 utc :767:    sql_x: SELECT oid FROM nvts WHERE name = 'SMB Authorization' LIMIT 1;

md   main:  DEBUG:2010-08-13 14h57.03 utc :767:    sql_x end

md    omp:  DEBUG:2010-08-13 14h57.03 utc :767: -> client: <preference><nvt oid="1.3.6.1.4.1.25623.1.0.90023"><name>SMB Authorization</name></nvt><name>SMB password:</name><type>password</type><value></value></preference>
-------- CUT -------- HERE --------

I'm inclined to attribute this behavior to the fact that gsa is running in http-only mode :-)
Can anyone acknowledge this or is it just a bug?

Thanks
Dierk Lucyga




More information about the Openvas-discuss mailing list