TOC & Recently Viewed

Recently Viewed Topics

Recovery Code Link

The Recovery Code link displays a page that enables use of the HMAC-Based One Time Password (HOTP) authentication to change the Appliance login password when it has been forgotten and the user is unable to log in.

If you need to access the recovery codes section, go to the interface on port 8000. Navigate to Administration -> Web Interface. Next, go to Appliance Management Interface Users. Click the recovery code link. This will take you to :https://<IP address or hostname>:8000/app/recoverycodes.

The first step requires the user to download an HOTP supported application on a device. Once installed, select the recovery code link in the Tenable Appliance interface to display the information required to set up the Appliance’s HOTP information on the device. Only the recovery page for the logged-in user will display. There are two different methods for entering the information.

The first method on the page is the QRCode Image of Recovery Secret. Scan the QRCode image with the HOTP application. The HOTP application will display information about the new credentials.

The second method is to manually enter the information supplied in the Text Entry of Recovery Secret section. Depending on the application used, you will need to enter one or more pieces of the supplied information. Select Counter or Key based if/when asked during the manual account setup.

A new recovery secret can be created for the user if the HOTP device should become compromised. As the compromised user, select your own username from the drop-down and enter your password in both the password and confirm password fields. Then, click Setup Recovery Secret to generate a new recovery code. A green banner will display indicating the change succeeded or a red banner will display indicating failure with a note indicating the incorrect information.

To confirm the HOTP application is configured correctly, generate a code from your software and enter it in the Enter a code from your software field and click Check. Entering the correct value will display the correct token and a message to validate success. Entering an incorrect value will produce an error message and the page will have to be reloaded. Entering an invalid code will cause the field to turn red; you will have the option to enter the code again.

If the password is lost and must be changed, navigate to https://<IP address or hostname>:8000/password. On this page, enter your username, the new password to associate with your account, and three of the codes in sequential order as provided by your HOTP application.

Note: Whenever the password is changed, a new recovery code is generated. The HOTP program must be updated as the previous HOTP code becomes invalid when a new password is set.

All Appliance Management Interface Users have equal and complete access to the Appliance.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.