Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Nessus user passwords

from [Jared M Breland] Network Security [Permanent Link]
Subject: Re: Nessus user passwords
Date: Tue, 31 Aug 2004 13:10:57 -0500 

I mean just any special characters.  Eg., !@#$%^&*()_+-=

If I wanted to enter a user password as something like qwER12#$, should
Nessus accept that, both in the user setup utility (which it does for me)
and logging in from the client (which it does not for me)?

And yes, the passwords are hashed.

--
Jared Breland                 International Paper
jared.breland@ipaper.com      Information Security
901-419-5077                  http://irm.ipaper.com/



                                                                           
             "George Theall"                                               
             <theall@tifaware.                                             
             com>                                                       To 
             Sent by:                  nessus@list.nessus.org              
             nessus-bounces@li                                          cc 
             st.nessus.org                                                 
                                                                   Subject 
                                       Re: Nessus user passwords           
             08/31/2004 12:17                                              
             PM                                                            
                                                                           
                                                                           
                                                                           
                                                                           




On Mon, Aug 30, 2004 at 01:14:03PM -0500, Jared M Breland wrote:


   Does nessus/nessusd support special characters in user passwords?


What exactly do you mean by "special characters"? Are you talking about
unprintable characters or those like "\" or "/"? I'm not aware of any
restrictions in Nessus, although I'm sure there are in practice,
especially if you're referring to unprintable characters.

Also, are passwords being stored by Nessus as plaintext or MD5 hashes?
Check for /usr/local/var/nessus/users/$user/auth/{hash,password} or
something similar.

George
--
theall@tifaware.com
(See attached file: att02q2e.dat)
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Attachment: att02q2e.dat
Description: Binary data

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nessus user passwords, George Theall
Next by Date:  HTML Graph Reports..., Vaccare, Anthony
Previous by Thread:  Re: Nessus user passwords, George Theall
Next by Thread:  Nessus book, Jared M Breland
Indexes:  [Date] [Thread] [Top] [All Lists]