Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: PlugIn ID 10394

from [Lad, Amit] Network Security [Permanent Link]
Subject: RE: PlugIn ID 10394
Date: Tue, 21 Aug 2007 14:09:51 -0400 
Perform an plugin update.  Ran a test scan and looks like it is
resolved.  Thanks for the quick response!

Amit Lad | Information Security Engineer | Ciena | Office. 410-694-5998
| Cell. 510-376-8597 | alad@ciena.com


-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of George A. Theall
Sent: Tuesday, August 21, 2007 10:04 AM
To: nessus@list.nessus.org
Subject: Re: PlugIn ID 10394

On 08/20/07 10:11, Lad, Amit wrote:


After the August Microsoft Plugins were updated by my direct feed, my 
first was successful with no issues.  But the next day, for some

reason 

my scan is detecting PLUGIN ID 10394, which is the SMB Login 
vulnerability.  I checked and double-checked that this plug-in is not 
enabled in the plugin list, but it is still showing as a

vulnerability.  

Plugin #10394 is a dependency of many plugins that do local checks 
against Windows systems. More than likely, it was run because you had 
enabled plugin dependencies.

As for why it's reporting now... that was likely a bug I introduced in 
migrating to CVSS v2 last week -- instead of reporting a security hole 
if it could log in as administrator w/o a password, it was reporting a 
hole if it could simply login in, even if that was done with 
credentials. Again, that was a mistake, and I apologize for any 
inconvenience that's caused. A new version of the plugin should become 
available via nessus-update-plugins in a couple of hours.

George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PlugIn ID 10394, George A. Theall
Next by Date:  Re: command line Nessus on Windows, George A. Theall
Previous by Thread:  Re: PlugIn ID 10394, George A. Theall
Next by Thread:  RE: PlugIn ID 10394, Lad, Amit
Indexes:  [Date] [Thread] [Top] [All Lists]