Plaintext Authentication
Caution: Tenable does not recommend plaintext credentials. Instead, use encrypted authentication methods when possible.
If a secure method of performing credentialed checks is not available, you can configure Tenable Security Center to perform checks over unsecure protocols using plaintext authentication settings.
Tenable Security Center supports the following plaintext authentication methods:
You can configure plaintext authentication options in scan policies on the Authentication tab, which specifies authentication options during a scan, as described in Add a Scan Policy.
Tenable Security Center performs patch auditing on non-Windows targets only.
Setting | Description | Default |
---|---|---|
Username | (Required) The username for the telnet, rsh, or rexec account that Tenable Security Center uses to perform checks on the target system. | - |
Password (Unsafe!) | (Required) The password for the telnet, rsh, or rexec user. | - |
Setting | Description | Default |
---|---|---|
Username | (Required) The username for the NNTP account that Tenable Security Center uses to perform checks on the target system. | - |
Password | (Required) The password for the NNTP user. | - |
Setting | Description | Default |
---|---|---|
Username | (Required) The username for the FTP account that Tenable Security Center uses to perform checks on the target system. | - |
Password | (Required) The password for the FTP user. | - |
Setting | Description | Default |
---|---|---|
Username | (Required) The username for the POP2 account that Tenable Security Center uses to perform checks on the target system. | - |
Password | (Required) The password for the POP2 user. | - |
Setting | Description | Default |
---|---|---|
Username | (Required) The username for the POP3 account that Tenable Security Center uses to perform checks on the target system. | - |
Password | (Required) The password for the POP3 user. | - |
Setting | Description | Default |
---|---|---|
Username | (Required) The username for the IMAP account that Tenable Security Center uses to perform checks on the target system. | - |
Password | (Required) The password for the IMAP user. | - |
Setting | Description | Default |
---|---|---|
Username | (Required) The username for the IPMI account that Tenable Security Center uses to perform checks on the target system. | - |
Password (Sent in Clear) | (Required) The password for the IPMI user. | - |
Setting | Description | Default |
---|---|---|
Authentication Method | (Required) The authentication method. | HTTP Login Form |
Username | (Required) The username for the HTTP account that Tenable Security Center uses to perform checks on the target system. | – |
Password | (Required) The password for the HTTP user. | – |
Login page | (Required) The absolute path to the application login page. For example, /login.html. | – |
Login submission page | (Required) The action parameter for the form method. For example, for `<form method="POST" name="auth_form" action="/login.php">`, use /login.php. | – |
Login parameters | (Required) The authentication parameters (for example, login=%USER%&password=%PASS%). Tenable Security Center replaces the %USER% and %PASS% keywords with values supplied on the Login configurations drop-down menu. Tip: If needed, you can provide additional parameters, such as a group name or other information required for authentication. | – |
Check authentication on page | (Required) The absolute path of a protected web page that requires authentication. For example, /admin.html. | – |
Regex to verify successful authentication | (Required) The regex pattern you want Tenable Security Center to look for on the login page to validate authentication. Tip: Tenable Security Center can attempt to match a given string, such as Authentication successful. | – |
Cookies file | (Required) A cookie file in Netscape cookies.txt format. | – |
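
The following added example (not Tenable code) shows how the HTTP login form settings above fit together, as a pre-flight check you could run on the values before saving them in a scan policy. The dictionary keys, the function names, and the URL-encoding of substituted values are assumptions of this example; the sample values are constructed from the examples in the table.

```python
import re
from urllib.parse import quote_plus

# Constructed sample settings mirroring the HTTP Login Form fields above.
# The key names are hypothetical, chosen for this example only.
SAMPLE = {
    "login_page": "/login.html",
    "login_submission_page": "/login.php",
    "login_parameters": "login=%USER%&password=%PASS%&group=audit",
    "check_auth_page": "/admin.html",
    "auth_regex": r"Authentication successful",
}

def validate_settings(s):
    """Return a list of problems found in the settings (empty list = OK)."""
    problems = []
    # The three page settings are documented as absolute paths.
    for key in ("login_page", "login_submission_page", "check_auth_page"):
        if not s.get(key, "").startswith("/"):
            problems.append(f"{key} must be an absolute path such as /login.html")
    # Both keywords must be present for the credentials to be substituted.
    params = s.get("login_parameters", "")
    for keyword in ("%USER%", "%PASS%"):
        if keyword not in params:
            problems.append(f"login_parameters is missing {keyword}")
    # A pattern that fails to compile, or is empty, cannot confirm a login.
    try:
        re.compile(s.get("auth_regex", ""))
    except re.error as exc:
        problems.append(f"auth_regex does not compile: {exc}")
    if not s.get("auth_regex"):
        problems.append("auth_regex is empty and would match any page")
    return problems

def build_login_body(params, username, password):
    """Replace the %USER% and %PASS% keywords with form-encoded values."""
    # Assumption: values are URL-encoded so '&' or '=' in a password
    # cannot split the parameter string; the scanner's own encoding may differ.
    return (params.replace("%USER%", quote_plus(username))
                  .replace("%PASS%", quote_plus(password)))

def auth_succeeded(auth_regex, page_body):
    """Apply the verification regex to a fetched page body."""
    return re.search(auth_regex, page_body) is not None
```

A regex that also matches the login failure page would report every scan as authenticated, so test the pattern against both a successful and a failed response body.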