Plaintext Authentication Credentials
Caution: Tenable does not recommend using plaintext credentials. Use encrypted authentication methods when possible.
If a secure method of performing credentialed checks is not available, users can force Nessus to try to perform checks over unsecure protocols; use the Plaintext Authentication options.
This menu allows the Nessus scanner to use credentials when testing HTTP , NNTP, FTP, POP2, POP3, IMAP, IPMI, telnet/rsh/rexec, and SNMPv1/v2c.
By supplying credentials, Nessus can perform more extensive checks to determine vulnerabilities. Nessus uses the supplied HTTP credentials for Basic and Digest authentication only.
Credentials for FTP, IPMI, NNTP, POP2, and POP3 require only a username and password.
HTTP
There are four different types of HTTP Authentication methods: Automatic authentication, Basic/Digest authentication, HTTP login form, and HTTP cookies import.
HTTP Global Settings
| Option | Default |
Description |
|---|---|---|
|
Login method |
POST |
Specify if the login action is performed via a GET or POST request. |
|
Re-authenticate delay (seconds) |
0 |
The time delay between authentication attempts. This is useful to avoid triggering brute force lockout mechanisms. |
|
Follow 30x redirections |
0 |
If a 30x redirect code is received from a web server, this directs Nessus to follow the link provided or not. |
|
Invert authenticated regex |
Disabled |
A regex pattern to look for on the login page, that if found, tells Nessus authentication was not successful (for example, Authentication failed!). |
|
Use authenticated regex on HTTP headers |
Disabled |
Rather than search the body of a response, Nessus can search the HTTP response headers for a given regex pattern to determine the authentication state more accurately. |
|
Use authenticated regex on HTTP headers |
Disabled |
The regex searches are case sensitive by default. This instructs Nessus to ignore case. |
Authentication methods
Automatic authentication
Username and Password Required
Basic/Digest authentication
Username and Password Required
HTTP Login Form
The HTTP login page settings provide control over where authenticated testing of a custom web-based application begins.
| Option | Description |
|---|---|
|
Username |
Login user’s name. |
|
Password |
Password of the user specified. |
|
Login page |
The absolute path to the login page of the application (for example, /login.html). |
|
Login submission page |
The action parameter for the form method. For example, the login form for <form method="POST" name="auth_form" action="/login.php"> would be /login.php. |
|
Login parameters |
Specify the authentication parameters (for example, login=%USER%&password=%PASS%). If you use the keywords %USER% and %PASS%, they are substituted with values supplied on the Login configurations drop-down box. You can use this field to provide more than two parameters if required (for example, a group name or some other piece of information is required for the authentication process). |
|
Check authentication on page |
The absolute path of a protected web page that requires authentication, to assist Nessus in determining authentication status (for example, /admin.html). |
|
Regex to verify successful authentication |
A regex pattern to look for on the login page. Simply receiving a 200-response code is not always sufficient to determine session state. Nessus can attempt to match a given string such as "Authentication successful!" |
HTTP cookies import
To facilitate web application testing, Nessus can import HTTP cookies from another piece of software (for example, browser, web proxy, etc.) with the HTTP cookies import settings. You can upload a cookie file so that Nessus uses the cookies when attempting to access a web application. The cookie file must be in Netscape format.
NNTP
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the NNTP account that Tenable Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the NNTP user. | - |
FTP
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the FTP account that Tenable Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the FTP user. | - |
POP2
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the POP2 account that Tenable Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the POP2 user. | - |
POP3
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the POP3 account that Tenable Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the POP3 user. | - |
IMAP
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the IMAP account that Tenable Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the IMAP user. | - |
IPMI
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the IMPI account that Tenable Nessus uses to perform checks on the target system. | - |
|
Password (sent in clear) |
(Required) The password for the IPMI user. | - |
telnet/rsh/rexec
The telnet/rsh/rexec authentication section is also username and password, but there are more Global Settings for this section that can allow you to perform patch audits using any of these three protocols.
SNMPv1/v2c
SNMPv1/v2c configuration allows you to use community strings for authentication to network devices. You can configure up to four SNMP community strings.
| Setting | Description | Default |
|---|---|---|
| Community string | (Required) The community string Tenable Vulnerability Management uses to authenticate on the host device. | public |
|
|
||
|
UDP Port |
(Required) The TCP ports that SNMPv1/v2c listens on for communications from Tenable Nessus. | 161 |
| Additional UDP port #1 | ||
| Additional UDP port #2 | ||
| Additional UDP port #3 | ||